credential device test specification onvif · onvif credential device test specification version...
TRANSCRIPT
ONVIF Credential Device Test Specification Version 18.12
ONVIF®Credential Device Test Specification
Version 18.12
December 2018
www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
© 2018 ONVIF, Inc. All rights reserved.
Recipients of this document may copy, distribute, publish, or display this document so long as thiscopyright notice, license and disclaimer are retained with all copies of the document. No license isgranted to modify this document.
THIS DOCUMENT IS PROVIDED "AS IS," AND THE CORPORATION AND ITS MEMBERSAND THEIR AFFILIATES, MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS ORIMPLIED, INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESSFOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR TITLE; THAT THE CONTENTS OFTHIS DOCUMENT ARE SUITABLE FOR ANY PURPOSE; OR THAT THE IMPLEMENTATION OFSUCH CONTENTS WILL NOT INFRINGE ANY PATENTS, COPYRIGHTS, TRADEMARKS OROTHER RIGHTS.
IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLEFOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIALDAMAGES, ARISING OUT OF OR RELATING TO ANY USE OR DISTRIBUTION OF THISDOCUMENT, WHETHER OR NOT (1) THE CORPORATION, MEMBERS OR THEIR AFFILIATESHAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR (2) SUCH DAMAGESWERE REASONABLY FORESEEABLE, AND ARISING OUT OF OR RELATING TO ANYUSE OR DISTRIBUTION OF THIS DOCUMENT. THE FOREGOING DISCLAIMER ANDLIMITATION ON LIABILITY DO NOT APPLY TO, INVALIDATE, OR LIMIT REPRESENTATIONSAND WARRANTIES MADE BY THE MEMBERS AND THEIR RESPECTIVE AFFILIATES TOTHE CORPORATION AND OTHER MEMBERS IN CERTAIN WRITTEN POLICIES OF THECORPORATION.
2 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
REVISION HISTORY
Vers. Date Description
15.06 Jul, 2015 First issue of Credentials Test Specification
17.06 Feb 21, 2017 CREATE CREDENTIAL - NOT EMPTY CREDENTIAL TOKENupdated according to #1357
17.06 Mar 15, 2017 Note added into the following tests according to #1366:
CREATE CREDENTIAL - VALIDITY VALUES
MODIFY CREDENTIAL - VALIDITY VALUES
17.06 Apr 27, 2017 The following test cases were updated according to #1385:
CREDENTIAL-3-1-6 CREATE CREDENTIAL (DISABLED)
CREDENTIAL-3-1-5 CREATE CREDENTIAL (ENABLED)
CREDENTIAL-3-1-7 MODIFY CREDENTIAL
CREDENTIAL-5-1-2 SET CREDENTIAL IDENTIFIER – ADDINGNEW TYPE
CREDENTIAL-5-1-3 SET CREDENTIAL IDENTIFIER – REPLACEOF THE SAME TYPE
17.12 Aug 17, 2017 Current document name was changed from Credential TestSpecification to Credential Device Test Specification.
The document formatting was updated.
18.06 Jun 21, 2018 Reformatting document using new template
18.12 Oct 12, 2018 The following were updated in the scope of #1672:
Scope\Credential (updated with SetCredential)
Test Policy\Credential (updated with SetCredential)
CREDENTIAL-3-1-16 SET NEW CREDENTIAL (ENABLED) (added)
CREDENTIAL-3-1-17 SET NEW CREDENTIAL (DISABLED)(added)
CREDENTIAL-3-1-18 SET CREDENTIAL (added)
Annex A.21 Create Pull Point Subscription (added)
Annex A.22 Delete Subscription (added)
Annex A.23 Retrieve Credential Changed Event by PullPoint(added)
18.12 Dec 21, 2018 Switching Hub description in 'Network Configuration for DUT' sectionwas updated according to #1737
www.onvif.org 3
ONVIF Credential Device Test Specification Version 18.12
Table of Contents1 Introduction ........................................................................................................................ 9
1.1 Scope ....................................................................................................................... 9
1.1.1 Capabilities .................................................................................................. 10
1.1.2 Credential Info ............................................................................................. 10
1.1.3 Credential .................................................................................................... 10
1.1.4 Credential States ......................................................................................... 10
1.1.5 Credential Identifiers .................................................................................... 11
1.1.6 Credential Access Profiles ........................................................................... 11
1.1.7 Reset Antipassback Violations ..................................................................... 11
1.1.8 Credential Events ........................................................................................ 12
1.1.9 Consistency ................................................................................................. 12
2 Terms and Definitions ..................................................................................................... 13
2.1 Definitions ............................................................................................................... 13
2.2 Abbreviations .......................................................................................................... 13
3 Test Overview .................................................................................................................. 14
3.1 Test Setup .............................................................................................................. 14
3.1.1 Network Configuration for DUT .................................................................... 14
3.2 Prerequisites ........................................................................................................... 15
3.3 Test Policy .............................................................................................................. 15
3.3.1 Capabilities .................................................................................................. 15
3.3.2 Credential Info ............................................................................................. 16
3.3.3 Credential .................................................................................................... 17
3.3.4 Credential State ........................................................................................... 19
3.3.5 Credential Identifiers .................................................................................... 20
3.3.6 Credential Access Profiles ........................................................................... 21
3.3.7 Reset Antipassback Violations ..................................................................... 23
3.3.8 Credential Events ........................................................................................ 23
3.3.9 Consistency ................................................................................................. 24
4 Credential Test Cases ..................................................................................................... 25
4.1 Capabilities ............................................................................................................. 25
4 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
4.1.1 CREDENTIAL SERVICE CAPABILITIES ..................................................... 25
4.1.2 GET SERVICES AND GET CREDENTIAL SERVICE CAPABILITIES
CONSISTENCY ........................................................................................................ 25
4.2 Credential Info ........................................................................................................ 27
4.2.1 GET CREDENTIAL INFO ............................................................................ 27
4.2.2 GET CREDENTIAL INFO LIST - LIMIT ....................................................... 29
4.2.3 GET CREDENTIAL INFO LIST - START REFERENCE AND LIMIT ............. 31
4.2.4 GET CREDENTIAL INFO LIST - NO LIMIT ................................................. 34
4.2.5 GET CREDENTIAL INFO WITH INVALID TOKEN ....................................... 36
4.2.6 GET CREDENTIAL INFO - TOO MANY ITEMS .......................................... 37
4.3 Credential ............................................................................................................... 38
4.3.1 GET CREDENTIALS ................................................................................... 38
4.3.2 GET CREDENTIAL LIST - LIMIT ................................................................ 41
4.3.3 GET CREDENTIAL LIST - START REFERENCE AND LIMIT ...................... 43
4.3.4 GET CREDENTIAL LIST - NO LIMIT .......................................................... 48
4.3.5 CREATE CREDENTIAL (ENABLED) ........................................................... 50
4.3.6 CREATE CREDENTIAL (DISABLED) .......................................................... 55
4.3.7 MODIFY CREDENTIAL ............................................................................... 60
4.3.8 DELETE CREDENTIAL ............................................................................... 65
4.3.9 GET CREDENTIALS WITH INVALID TOKEN .............................................. 68
4.3.10 GET CREDENTIALS - TOO MANY ITEMS ............................................... 69
4.3.11 CREATE CREDENTIAL - NOT EMPTY CREDENTIAL TOKEN ................. 70
4.3.12 MODIFY CREDENTIAL WITH INVALID TOKEN ........................................ 72
4.3.13 DELETE CREDENTIAL WITH INVALID TOKEN ........................................ 73
4.3.14 CREATE CREDENTIAL - VALIDITY VALUES ............................................ 74
4.3.15 MODIFY CREDENTIAL - VALIDITY VALUES ............................................ 78
4.3.16 SET NEW CREDENTIAL (ENABLED) ....................................................... 82
4.3.17 SET NEW CREDENTIAL (DISABLED) ...................................................... 88
4.3.18 SET CREDENTIAL .................................................................................... 94
4.4 Credential State ...................................................................................................... 99
4.4.1 GET CREDENTIAL STATE .......................................................................... 99
www.onvif.org 5
ONVIF Credential Device Test Specification Version 18.12
4.4.2 CHANGE CREDENTIAL STATE ................................................................ 100
4.4.3 GET CREDENTIAL STATE WITH INVALID TOKEN .................................. 105
4.4.4 ENABLE CREDENTIAL WITH INVALID TOKEN ........................................ 106
4.4.5 DISABLE CREDENTIAL WITH INVALID TOKEN ....................................... 107
4.5 Credential Identifiers ............................................................................................. 108
4.5.1 GET CREDENTIAL IDENTIFIERS ............................................................. 108
4.5.2 SET CREDENTIAL IDENTIFIER – ADDING NEW TYPE ........................... 109
4.5.3 SET CREDENTIAL IDENTIFIER – REPLACE OF THE SAME TYPE ......... 113
4.5.4 DELETE CREDENTIAL IDENTIFIER ......................................................... 118
4.5.5 GET SUPPORTED FORMAT TYPES ........................................................ 121
4.5.6 GET CREDENTIAL IDENTIFIERS WITH INVALID TOKEN ........................ 122
4.5.7 SET CREDENTIAL IDENTIFIER WITH INVALID TOKEN .......................... 123
4.5.8 DELETE CREDENTIAL IDENTIFIER WITH INVALID CREDENTIAL
TOKEN ................................................................................................................... 125
4.5.9 DELETE CREDENTIAL IDENTIFIER WITH INVALID IDENTIFIER TYPE .. 126
4.5.10 DELETE CREDENTIAL IDENTIFIER - MIN IDENTIFIERS PER
CREDENTIAL ......................................................................................................... 127
4.6 Credential Access Profiles .................................................................................... 129
4.6.1 GET CREDENTIAL ACCESS PROFILES .................................................. 129
4.6.2 SET CREDENTIAL ACCESS PROFILES - ADDING NEW ACCESS
PROFILE ................................................................................................................ 130
4.6.3 SET CREDENTIAL ACCESS PROFILES - UPDATING ACCESS
PROFILE ................................................................................................................ 134
4.6.4 DELETE CREDENTIAL ACCESS PROFILES ........................................... 138
4.6.5 GET CREDENTIAL ACCESS PROFILES WITH INVALID TOKEN ............. 141
4.6.6 SET CREDENTIAL ACCESS PROFILES WITH INVALID CREDENTIAL
TOKEN ................................................................................................................... 142
4.6.7 DELETE CREDENTIAL ACCESS PROFILES WITH INVALID
CREDENTIAL TOKEN ........................................................................................... 144
4.7 Reset Antipassback Violations .............................................................................. 145
4.7.1 RESET ANTIPASSBACK VIOLATIONS ..................................................... 145
6 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
4.7.2 RESET ANTIPASSBACK VIOLATIONS WITH INVALID TOKEN ................ 149
4.8 Credential Events ................................................................................................. 150
4.8.1 CONFIGURATION CREDENTIAL CHANGED EVENT ............................... 150
4.8.2 CONFIGURATION CREDENTIAL REMOVED EVENT .............................. 151
4.8.3 CREDENTIAL STATE ENABLED EVENT .................................................. 152
4.8.4 CREDENTIAL STATE ANTIPASSBACK VIOLATION EVENT ..................... 154
4.9 Consistency .......................................................................................................... 156
4.9.1 GET CREDENTIAL AND GET ACCESS PROFILE INFO LIST
CONSISTENCY ...................................................................................................... 156
A Helper Procedures and Additional Notes .................................................................... 158
A.1 Get credentials information list ............................................................................. 158
A.2 Get service capabilities ........................................................................................ 159
A.3 Get credentials list ............................................................................................... 159
A.4 Change credential state ....................................................................................... 160
A.5 Get access profiles list ......................................................................................... 161
A.6 Delete credential .................................................................................................. 162
A.7 Free storage for additional credential ................................................................... 163
A.8 Get credential ....................................................................................................... 164
A.9 Get credential info ................................................................................................ 165
A.10 Restore credential .............................................................................................. 165
A.11 Create credential ................................................................................................ 166
A.12 Get access profiles information list ..................................................................... 168
A.13 Get credential state ............................................................................................ 169
A.14 Supported credential identifier format types ....................................................... 169
A.15 Get Credential Identifier type and value ............................................................. 170
A.16 Get Credential Identifier type name list with at least two Format Type ................ 171
A.17 Get Credential Identifier type and value for Type Name with at least two Format
Type ............................................................................................................................... 172
A.18 Create credential with two Credential identifier items ......................................... 174
A.19 Create access profile ......................................................................................... 175
A.20 Delete access profile .......................................................................................... 176
www.onvif.org 7
ONVIF Credential Device Test Specification Version 18.12
A.21 Create Pull Point Subscription ............................................................................ 177
A.22 Delete Subscription ............................................................................................ 178
A.23 Retrieve Credential Changed Event by PullPoint ............................................... 178
8 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
1 IntroductionThe goal of the ONVIF test specification set is to make it possible to realize fully interoperableIP physical security implementation from different vendors. The set of ONVIF test specificationdescribes the test cases need to verify the [ONVIF Core Specs] and [ONVIF Conformance]requirements. In addition, the test cases are to be basic inputs for some Profile specificationrequirements. It also describes the test framework, test setup, pre-requisites, test policies neededfor the execution of the described test cases.
This ONVIF Credential Test Specification acts as a supplementary document to the [ONVIF CoreSpecs], illustrating test cases need to be executed and passed. In addition, this specification actsas an input document to the development of test tool that will be used to test the ONVIF deviceimplementation conformance towards ONVIF standard. This test tool is referred as ONVIF Clienthereafter.
1.1 Scope
This ONVIF Credential Test Specification defines and regulates the conformance testing procedurefor the ONVIF conformant devices. Conformance testing is meant to be functional black-box testing.The objective of this specification is to provide test cases to test individual requirements of ONVIFdevices according to the ONVIF Credential Security Service, which is defined in [ONVIF CredentialSecurity Service].
The principal intended purposes are:
• Provide self-assessment tool for implementations.
• Provide comprehensive test suite coverage for [ONVIF Core Specs].
This specification does not address the following:
• Product use cases and non-functional (performance and regression) testing.
• SOAP Implementation Interoperability test i.e. Web Service Interoperability Basic Profileversion 2.0 (WS-I BP 2.0).
• Full coverage of network protocol implementation test for HTTP, HTTPS, RTP, RTSP, andTLS protocols.
The set of ONVIF Test Specification will not cover the complete set of requirements as defined in[ONVIF Core Specs]; instead, it will cover its subset.
This ONVIF Credential Test Specification covers the ONVIF Credential Service, which is a functionalblock of [ONVIF Core Specs]. The following section gives a brief overview of each functional blockand its scope.
www.onvif.org 9
ONVIF Credential Device Test Specification Version 18.12
1.1.1 Capabilities
The Capabilities section covers the test cases needed for getting capabilities from an ONVIF device.
The scope of this specification section is to cover the following functions:
• Getting Credential service address with GetServices command via Device service
• Getting capabilities with GetServiceCapabilities command
• Getting capabilities with GetServices command via Device service
1.1.2 Credential Info
The Credential Info section covers the test cases needed for getting credential list and informationfrom an ONVIF device.
The scope of this specification section is to cover the following functions:
• Getting credential information with GetCredentialInfo command
• Getting credential information list with GetCredentialInfoList command
1.1.3 Credential
The Credential section covers the test cases needed for getting credential from an ONVIF device.
The scope of this specification section is to cover the following functions:
• Getting credential with GetCredentials command
• Getting credential list with GetCredentialList command
• Creating credential with CreateCredential command
• Modifying credential with ModifyCredential command
• Deleting credential with DeleteCredential command
• Creating and modifying credential with SetCredential command
1.1.4 Credential States
The Credential States section covers the test cases needed for getting credential states from anONVIF device.
10 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
The scope of this specification section is to cover the following functions:
• Getting credential states with GetCredentialStates command
• Changing credential states with EnableCredential and DisableCredential commands
1.1.5 Credential Identifiers
The Credential Identifiers section covers the test cases needed for getting credential identifiers forspecified credential from an ONVIF device.
The scope of this specification section is to cover the following functions:
• Getting credential identifiers with GetCredentialIdentifiers command
• Adding credential identifiers with SetCredentialIdentifier command
• Updating credential identifiers with SetCredentialIdentifier command
• Deleting credential identifiers with DeleteCredentialIdentifier command
1.1.6 Credential Access Profiles
The Credential Access Profiles section covers the test cases needed for getting credential accessprofiles for specified credential from an ONVIF device.
The scope of this specification section is to cover the following functions:
• Getting credential access profiles with GetCredentialAccessProfiles command
• Adding credential access profiles with SetCredentialAccessProfile command
• Updating credential access profiles with SetCredentialAccessProfile command
• Deleting credential access profiles with DeleteCredentialAccessProfile command
1.1.7 Reset Antipassback Violations
The Reset Antipassback Violations section covers the test cases needed for resetting antipassbackviolations for specified credential from an ONVIF device.
The scope of this specification section is to cover the following functions:
• Resetting antipassback violations with ResetAntipassbackViolation command
www.onvif.org 11
ONVIF Credential Device Test Specification Version 18.12
1.1.8 Credential Events
The Credential Events section covers the test cases needed for checking specified events format.
The scope of this specification section is to cover the following functions:
• Getting event properties with GetEventProperties command
1.1.9 Consistency
Consistency test cases cover verification of consistency between different entities and commands.
Consistency between the following entities is covered by the following test case:
• Credential and Access Profile Info
12 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
2 Terms and Definitions
2.1 Definitions
This section defines terms that are specific to the ONVIF Credential Service and tests. For a list ofapplicable general terms and definitions, please see [ONVIF Base Test].
Credential A physical/tangible object, a piece of knowledge, or a facet of aperson's physical being, that enables an individual access to agiven physical facility or computer-based information system.
Credential Number A sequence of bytes uniquely identifying a credential at an accesspoint.
Credential Identifier
Credential State
Validity Period From a certain point in time, to a later point in time. If a validityperiod is set on several entities (such as credentials, accessprofile and the association between them), the resulting validityperiod is the intersection of the three period.
Duress Forcing a person to provide access to a secure area against thatperson's wishes.
2.2 Abbreviations
This section describes abbreviations used in this document.
DUT Device Under Test
HTTP Hyper Text Transport Protocol
PACS Physical Access Control System
www.onvif.org 13
ONVIF Credential Device Test Specification Version 18.12
3 Test OverviewThis section provides information the test setup procedure and required prerequisites, and the testpolicies that should be followed for test case execution.
3.1 Test Setup
3.1.1 Network Configuration for DUT
The generic test configuration for the execution of test cases defined in this document is as shownbelow (Figure 4.1).
Based on the individual test case requirements, some of the entities in the below setup may not beneeded for the execution of those corresponding test cases.
Figure 3.1. Test Configuration for DUT
DUT: ONVIF device to be tested. Hereafter, this is referred to as DUT (Device Under Test).
ONVIF Client (Test Tool): Tests are executed by this system and it controls the behavior of theDUT. It handles both expected and unexpected behavior.
HTTP Proxy: provides facilitation in case of RTP and RTSP tunneling over HTTP.
Wireless Access Point: provides wireless connectivity to the devices that support wirelessconnection.
14 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
DNS Server: provides DNS related information to the connected devices.
DHCP Server: provides IPv4 Address to the connected devices.
NTP Server: provides time synchronization between ONVIF Client and DUT.
Switching Hub: provides network connectivity among all the test equipments in the testenvironment. All devices should be connected to the Switching Hub. When running multiple testinstances in parallel on the same network, the Switching Hub should be configured to use filteringin order to avoid multicast traffic being flooded to all ports, because this may affect test stability.
Router: provides router advertisements for IPv6 configuration.
3.2 Prerequisites
The pre-requisites for executing the test cases described in this Test Specification are:
• The DUT shall be configured with an IPv4 address.
• The DUT shall be IP reachable [in the test configuration].
• The DUT shall be able to be discovered by the Test Tool.
• The DUT shall be configured with the time, i.e. manual configuration of UTC time and if NTPis supported by DUT then NTP time shall be synchronized with NTP Server.
3.3 Test Policy
This section describes the test policies specific to the test case execution of each functional block.
The DUT shall adhere to the test policies defined in this section.
3.3.1 Capabilities
The test policies specific to the test case execution of Capabilities functional block:
• DUT shall give the Credential Service entry point by GetServices command, if DUT supportsthis service. Otherwise, these test cases will be skipped.
• DUT shall support the following commands:
• GetServices
• GetServiceCapabilities
• The following tests are performed
www.onvif.org 15
ONVIF Credential Device Test Specification Version 18.12
• Getting capabilities with GetServiceCapabilities command
• Getting capabilities with GetServices command
Please, refer to Section 4.1 for Capabilities Test Cases.
3.3.2 Credential Info
The test policies specific to the test case execution of Credential Info functional block:
• DUT shall give the Credential Service entry point by GetServices command, if DUT supportsthis service. Otherwise, these test cases will be skipped.
• DUT shall support the following commands:
• GetServices
• GetServiceCapabilities
• GetCredentialInfo
• GetCredentialInfoList
• DUT shall not return more items in GetCredentialInfo and GetCredentialInfoList responsesthan specified in service capabilities by MaxLimit.
• DUT shall not return more items in GetCredentialInfoList response than specified by Limitparameter in a request.
• DUT shall not return items with the same tokens in GetCredentialInfoList responses for onecredential info list receiving.
• DUT shall not return more CredentialInfo items in GetCredentialInfoList responses thanspecified in service capabilities by MaxCredentials.
• DUT shall not return any fault if GetCredentialInfo was invoked for non-exciting Credentialtoken. Such tokens shall be ignored.
• DUT shall return SOAP 1.2 fault message (InvalidArgs/TooManyItems) if more items thanMaxLimit was requested by GetCredentialInfo command.
• The following tests are performed
• Getting credential info with GetCredentialInfo command
• Getting credential info list with GetCredentialInfoList command with using different Limitand NextReference values
16 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• Getting credential info with invalid credential token
• Getting credential info with number of requested items is greater than MaxLimit
Please refer to Section 4.2 for Credential Info Test Cases.
3.3.3 Credential
The test policies specific to the test case execution of Credential functional block:
• DUT shall give the Credential Service entry point by GetServices command, if DUT supportsthis service. Otherwise, these test cases will be skipped.
• DUT shall support the following commands:
• GetServices
• GetServiceCapabilities
• GetCredentials
• GetCredentialList
• GetCredentialInfoList
• CreateCredential
• ModifyCredential
• DeleteCredential
• If DUT supports Client Supplied Token as indicated byCapabilities.ClientSuppliedTokenSupported = true, DUT shall support the followingcommands:
• SetCredential
• DUT shall return only requested items in GetCredentials response that specified inGetCredentials request.
• DUT shall return all requested items in GetCredentials response that specified inGetCredentials request.
• DUT shall not return more items in GetCredentials responses than specified in servicecapabilities by MaxLimit.
www.onvif.org 17
ONVIF Credential Device Test Specification Version 18.12
• DUT shall return the same information in GetCredentials responses and inGetCredentialInfoList responses for the items with the same token.
• DUT shall not return more items in GetCredentialList response than specified by Limitparameter in a request.
• DUT shall not return items with the same tokens in GetCredentialList responses for onecredential list receiving.
• DUT shall return the same information in GetCredentials responses and in GetCredentialListresponses for the items with the same token.
• DUT shall return the same information in GetCredentialList responses and inGetCredentialInfoList responses for the items with the same token.
• DUT shall return the credentials in GetCredentialList responses and in GetCredentialInfoListresponses.
• DUT shall return SOAP 1.2 fault message (InvalidArgs/TooManyItems) if more items thanMaxLimit was requested by GetCredentials command.
• The DUT shall support creating of credential.
• The DUT shall support modifying of credential.
• The DUT shall support deleting of credential.
• If DUT supports Client Supplied Token as indicated byCapabilities.ClientSuppliedTokenSupported = true, creating and modifying of schedule usingSetCredential command.
• The DUT shall support time value for validity of the credential if ValiditySupportsTimeValueis supported by the DUT.
• DUT shall return SOAP 1.2 fault message (InvalidArgs) if credential token is specified inCreateCredential request.
• DUT should return SOAP 1.2 fault message (InvalidArgVal/NotFound) if ModifyCredential orDeleteCredential command was invoked for non-exciting credential token.
• The following tests are performed
• Getting credential with GetCredential command and test that it includes the sameinformation with GetCredentialInfoList command
• Getting credential info list with GetCredentialList command with using different Limitand NextReference values and test that it includes the same information withGetCredentialInfoList command
18 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• Creating credential with CreateCredential command and test that correspondingnotification message is received
• Modifying credential with ModifyCredential command and test that correspondingnotification message is received
• Deleting credential with DeleteCredential command and test that corresponding notificationmessage is received
• Getting credentials with invalid credential token
• Getting credentials with number of requested items is greater than MaxLimit
• Creating credential with CreateCredential command with specified token
• Modifying credential with ModifyCredential command with invalid token
• Deleting credential with DeleteCredential command with invalid token
• Creating credential with validity values
• Modifying credential with validity values
• If DUT supports Client Supplied Token as indicated byCapabilities.ClientSuppliedTokenSupported = true:
• Creating schedule with SetCredential command with empty token and test thatcorresponding notification message is received
• Modifying schedule with SetCredential command and test that corresponding notificationmessage is received
Please refer to Section 4.3 for Credential Test Cases.
3.3.4 Credential State
The test policies specific to the test case execution of Credential functional block:
• DUT shall give the Credential Service entry point by GetServices command, if DUT supportsthis service. Otherwise, these test cases will be skipped.
• DUT shall support the following commands:
• GetServices
• GetCredentialState
www.onvif.org 19
ONVIF Credential Device Test Specification Version 18.12
• GetCredentialInfoList
• EnableCredential
• DisableCredential
• DUT should return SOAP 1.2 fault message (InvalidArgVal\NotFound) if GetCredentialStateor EnableCredential or DisableCredential command was invoked for non-exciting credentialtoken.
• The following tests are performed
• Getting credential state with GetCredentialState command
• Changing credential states with EnableCredential and DisableCredential commands
• Getting credential state with GetCredentialState command with invalid token
• Changing credential states with EnableCredential and DisableCredential commands withinvalid token
Please refer to Section 4.4 for Credential State Test Cases.
3.3.5 Credential Identifiers
The test policies specific to the test case execution of Credential Identifiers functional block:
• DUT shall give the Credential Service entry point by GetServices command, if DUT supportsthis service. Otherwise, these test cases will be skipped.
• DUT shall support the following commands:
• GetServices
• GetCredentialIdentifiers
• GetCredentialList
• SetCredentialIdentifier
• DeleteCredentialIdentifier
• DUT shall return the same credential identifiers information in GetCredentialList responsesand in GetCredentialIdentifiers responses for the credentials with the same token.
• DUT shall not return items with the same type name in GetCredentialIdentifiers responses.
20 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• DUT shall not return items in GetCredentials responses with Type.Name other than specifiedin service capabilities by SupportedIdentifierTypes.
• DUT should return SOAP 1.2 fault message (InvalidArgVal\NotFound) ifGetCredentialIdentifiers or SetCredentialIdentifier or DeleteCredentialIdentifier commandwas invoked for non-exciting credential token.
• DUT should return SOAP 1.2 fault message (InvalidArgVal\NotFound) ifDeleteCredentialIdentifiers command was invoked for non-exciting identifier type.
• DUT should return SOAP 1.2 fault message (ConstraintViolated\MinIdentifiersPerCredential)if DeleteCredentialIdentifiers command was invoked when credential contains only oneCredential Identifier.
• The following tests are performed
• Getting credential identifiers with GetCredentialIdentifiers command
• Adding credential identifiers with SetCredentialIdentifier command
• Updating credential identifiers with SetCredentialIdentifier command
• Deleting credential identifiers with DeleteCredentialIdentifier command
• Getting credential identifiers with GetCredentialIdentifiers command with invalid token
• Adding credential identifiers with SetCredentialIdentifier command with invalid token
• Deleting credential identifiers with DeleteCredentialIdentifier command with invalidcredential token
• Deleting credential identifiers with DeleteCredentialIdentifier command with invalididentifier type
• Deleting the last credential identifier with DeleteCredentialIdentifier command
Please refer to Section 4.5 for Credential Identifiers Test Cases.
3.3.6 Credential Access Profiles
The test policies specific to the test case execution of Credential Access Profiles functional block:
• DUT shall give the Credential Service entry point by GetServices command, if DUT supportsthis service. Otherwise, these test cases will be skipped.
• DUT shall support the following commands:
www.onvif.org 21
ONVIF Credential Device Test Specification Version 18.12
• GetServices
• GetCredentialAccessProfiles
• GetCredentialList
• SetCredentialAccessProfile
• DeleteCredentialAccessProfile
• DUT shall return the same credential access profiles information in GetCredentialListresponses and in GetCredentialAccessProfiles responses for the credentials with the sametoken.
• DUT shall not return items with the same access profile token in GetCredentialAccessProfilesresponses.
• DUT shall not return more items in GetCredentialAccessProfiles responses than specified inservice capabilities by MaxAccessProfilesPerCredential.
• The DUT shall support time value for of the validity for the association between the credentialand the access profile if ValiditySupportsTimeValue is supported by the DUT.
• DUT should return SOAP 1.2 fault message (InvalidArgVal\NotFound) if GetCredentialAccessProfiles or SetCredentialAccessProfile orDeleteCredentialAccessProfile command was invoked for non-exciting credential token.
• The following tests are performed
• Getting credential access profiles with GetCredentialAccessProfiles command
• Adding credential access profiles with SetCredentialAccessProfile command
• Updating credential access profiles with SetCredentialAccessProfile command
• Deleting credential access profiles with DeleteCredentialAccessProfile command
• Getting credential access profiles with GetCredentialAccessProfiles command with invalidtoken
• Adding credential access profiles with SetCredentialAccessProfile command with invalidtoken
• Deleting credential access profiles with DeleteCredentialAccessProfile command withinvalid token
Please refer to Section 4.6 for Credential Access Profiles Test Cases.
22 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
3.3.7 Reset Antipassback Violations
The test policies specific to the test case execution of Reset Antipassback Violations functionalblock:
• DUT shall give the Credential Service entry point by GetServices command, if DUT supportsthis service. Otherwise, these test cases will be skipped.
• If DUT returns Reset Antipassback Violations capability as supported, then DUT shall supportResetAntipassbackViolation command. Otherwise, these test cases will be skipped.
• DUT shall support the following commands:
• GetServices
• CreateCredential
• DUT should return SOAP 1.2 fault message (InvalidArgVal\NotFound) ifResetAntipassbackViolation command was invoked for non-exciting credential token.
• The following tests are performed:
• Resetting antipassback violations with ResetAntipassbackViolation command
• Resetting antipassback violations with ResetAntipassbackViolation command with invalidcredential token.
Please refer to Section 4.7 for Reset Antipassback Violations Test Cases.
3.3.8 Credential Events
The test policies specific to the test case execution of Credential Events functional block:
• DUT shall give the Credential Service and Event Service entry points by GetServicescommand, if DUT supports this service. Otherwise, these test cases will be skipped.
• DUT shall support the following commands:
• GetServices
• GetEventProperties
• The following tests are performed
• Getting event properties with GetEventProperties command
Please refer to Section 4.8 for Credential Events Test Cases.
www.onvif.org 23
ONVIF Credential Device Test Specification Version 18.12
3.3.9 Consistency
The test policies specific to the test case execution of Consistency functional block:
• DUT shall give the Credential Service and Access Rules Service entry points by GetServicescommand, if DUT supports this service. Otherwise, these test cases will be skipped.
• DUT shall support the following commands:
• GetServices
• GetAccessProfileInfo
• GetCredentials
• The following tests are performed
• Credential and Access Profile Info
Please refer to Section 4.9 for Consistency Test Cases.
24 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
4 Credential Test Cases
4.1 Capabilities
4.1.1 CREDENTIAL SERVICE CAPABILITIES
Test Case ID: CREDENTIAL-1-1-1
Specification Coverage: ServiceCapabilities (ONVIF Credential Service Specification),GetServiceCapabilities command (ONVIF Credential Service Specification)
Feature Under Test: GetServiceCapabilities (for Credential Service)
WSDL Reference: credential.wsdl
Test Purpose: To verify DUT Credential Service Capabilities.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client invokes GetServiceCapabilities.
4. The DUT responds with a GetServiceCapabilitiesResponse message with parameters
• Capabilities =: cap
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send GetServiceCapabilitiesResponse message.
4.1.2 GET SERVICES AND GET CREDENTIAL SERVICECAPABILITIES CONSISTENCY
Test Case ID: CREDENTIAL-1-1-2
www.onvif.org 25
ONVIF Credential Device Test Specification Version 18.12
Specification Coverage: Capability exchange (ONVIF Core Specification), ServiceCapabilities(ONVIF Credential Service Specification), GetServiceCapabilities command (ONVIF CredentialService Specification)
Feature Under Test: GetServices, GetServiceCapabilities (for Credential Service)
WSDL Reference: devicemgmt.wsdl, credential.wsdl
Test Purpose: To verify Get Services and Credential Service Capabilities consistency.
Pre-Requisite: None.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client invokes GetServices with parameters
• IncludeCapability := true
4. The DUT responds with a GetServicesResponse message with parameters
• Services list =: servicesList
5. ONVIF Client selects Service with Service.Namespace = "http://www.onvif.org/ver10/credential/wsdl":
• Services list [Namespace = "http://www.onvif.org/ver10/credential/wsdl"] =:credentialService
6. ONVIF Client invokes GetServiceCapabilities.
7. The DUT responds with a GetServiceCapabilitiesResponse message with parameters
• Capabilities =: cap
8. If cap differs from credentialService.Capabilities.Capabilities, FAIL the test.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetServicesResponse message.
26 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• The DUT did not send GetServiceCapabilitiesResponse message.
Note: The following fields are compared at step 8:
• SupportedIdentifierType list
• MaxLimit
• CredentialValiditySupported
• CredentialAccessProfileValiditySupported
• MaxCredentials
• MaxAccessProfilesPerCredential
• ResetAntipassbackSupported
• ValiditySupportsTimeValue
4.2 Credential Info
4.2.1 GET CREDENTIAL INFO
Test Case ID: CREDENTIAL-2-1-1
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification),GetCredentialInfo command (ONVIF Credential Service Specification)
Feature Under Test: GetCredentialInfo
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Credential Info.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete list of credential info (out credentialInfoCompleteList) byfollowing the procedure mentioned in Annex A.1.
4. If credentialInfoCompleteList is empty, skip other steps.
www.onvif.org 27
ONVIF Credential Device Test Specification Version 18.12
5. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
6. Set the following:
• tokenList := [subset of credentialInfoCompleteList.token values with items number equalto cap.MaxLimit]
7. ONVIF client invokes GetCredentialInfo with parameters
• Token list := tokenList
8. The DUT responds with GetCredentialInfoResponse message with parameters
• CredentialInfo list =: credentialInfoList1
9. If credentialInfoList1 does not contain CredentialInfo item for each token from tokenList,FAIL the test and skip other steps.
10. If credentialInfoList1 contains at least two CredentialInfo item with equal token, FAIL the testand skip other steps.
11. If credentialInfoList1 contains other CredentialInfo items than listed in tokenList, FAIL thetest and skip other steps.
12.For each CredentialInfo.token token from credentialInfoCompleteList repeat the followingsteps:
12.1. ONVIF client invokes GetCredentialInfo with parameters
• Token[0] := token
12.2. The DUT responds with GetCredentialInfoResponse message with parameters
• CredentialInfo list =: credentialInfoList2
12.3. If credentialInfoList2 does not contain only one CredentialInfo item with token equal totoken, FAIL the test and skip other steps.
12.4. If credentialInfoList2[0] item is not equal to credentialInfoCompleteList[token = token]item, FAIL the test and skip other steps.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
28 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• DUT did not send GetCredentialInfoResponse message.
Note: If number of items in credentialInfoCompleteList is less than cap.MaxLimit, then allcredentialInfoCompleteList.Token items shall be used for the step 6.
Note: The following fields are compared at step 12.4:
• CredentialInfo:
• token
• Description
• CredentialHolderToken
• ValidFrom
• ValidTo
4.2.2 GET CREDENTIAL INFO LIST - LIMIT
Test Case ID: CREDENTIAL-2-1-2
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification),GetCredentialInfoList command (ONVIF Credential Service Specification)
Feature Under Test: GetCredentialInfoList
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Credential Info List using Limit.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF client invokes GetCredentialInfoList with parameters
• Limit := 1
• StartReference skipped
www.onvif.org 29
ONVIF Credential Device Test Specification Version 18.12
5. The DUT responds with GetCredentialInfoListResponse message with parameters
• NextStartReference =: nextStartReference
• CredentialInfo list =: credentialInfoList1
6. If credentialInfoList1 contains more CredentialInfo items than 1, FAIL the test and skip othersteps.
7. If cap.MaxLimit is equal to 1, skip other steps.
8. ONVIF client invokes GetCredentialInfoList with parameters
• Limit := cap.MaxLimit
• StartReference skipped
9. The DUT responds with GetCredentialInfoListResponse message with parameters
• NextStartReference =: nextStartReference
• CredentialInfo list =: credentialInfoList2
10. If credentialInfoList2 contains more CredentialInfo items than cap.MaxLimit, FAIL the testand skip other steps.
11. If cap.MaxLimit is equal to 2, skip other steps.
12.Set the following:
• limit := [number between 1 and cap.MaxLimit]
13.ONVIF client invokes GetCredentialInfoList with parameters
• Limit := limit
• StartReference skipped
14.The DUT responds with GetCredentialInfoListResponse message with parameters
• NextStartReference =: nextStartReference
• CredentialInfo list =: credentialInfoList3
15. If credentialInfoList3 contains more CredentialInfo items than limit, FAIL the test and skipother steps.
Test Result:
PASS –
30 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• DUT passes all assertions.
FAIL –
• DUT did not send GetCredentialInfoListResponse message.
4.2.3 GET CREDENTIAL INFO LIST - START REFERENCEAND LIMIT
Test Case ID: CREDENTIAL-2-1-3
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification),GetCredentialInfoList command (ONVIF Credential Service Specification)
Feature Under Test: GetCredentialInfoList
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Credential Info List using StartReference and Limit.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF client invokes GetCredentialInfoList with parameters
• Limit := cap.MaxLimit
• StartReference skipped
5. The DUT responds with GetCredentialInfoListResponse message with parameters
• NextStartReference =: nextStartReference
• CredentialInfo list =: credentialInfoCompleteList1
6. If credentialInfoCompleteList1 contains more CredentialInfo items than cap.MaxLimit, FAILthe test and skip other steps.
7. Until nextStartReference is not null, repeat the following steps:
www.onvif.org 31
ONVIF Credential Device Test Specification Version 18.12
7.1. ONVIF client invokes GetCredentialInfoList with parameters
• Limit := cap.MaxLimit
• StartReference := nextStartReference
7.2. The DUT responds with GetCredentialInfoListResponse message with parameters
• NextStartReference =: nextStartReference
• CredentialInfo list =: credentialInfoListPart
7.3. If credentialInfoListPart contains more CredentialInfo items than cap.MaxLimit, FAILthe test and skip other steps.
7.4. Set the following:
• credentialInfoCompleteList1 := credentialInfoCompleteList1 + credentialInfoListPart
8. If credentialInfoCompleteList1 contains at least two CredentialInfo items with equal token,FAIL the test and skip other steps.
9. If cap.MaxLimit is equal to 1, skip other steps.
10.ONVIF client invokes GetCredentialInfoList with parameters
• Limit := 1
• StartReference skipped
11. The DUT responds with GetCredentialInfoListResponse message with parameters
• NextStartReference =: nextStartReference
• CredentialInfo list =: credentialInfoCompleteList2
12. If credentialInfoCompleteList2 contains more CredentialInfo items than 1, FAIL the test andskip other steps.
13.Until nextStartReference is not null, repeat the following steps:
13.1. ONVIF client invokes GetCredentialInfoList with parameters
• Limit := 1
• StartReference := nextStartReference
13.2. The DUT responds with GetCredentialInfoListResponse message with parameters
32 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• NextStartReference =: nextStartReference
• CredentialInfo list =: credentialInfoListPart
13.3. If credentialInfoListPart contains more CredentialInfo items than 1, FAIL the test andskip other steps.
13.4. Set the following:
• credentialInfoCompleteList2 := credentialInfoCompleteList2 + credentialInfoListPart
14. If credentialInfoCompleteList2 contains at least two CredentialInfo items with equal token,FAIL the test and skip other steps.
15. If credentialInfoCompleteList2 does not contain all credentials fromcredentialInfoCompleteList1, FAIL the test and skip other steps.
16. If credentialInfoCompleteList2 contains credentials other than credentials fromcredentialInfoCompleteList1, FAIL the test and skip other steps.
17. If cap.MaxLimit is equal to 2, skip other steps.
18.Set the following:
• limit := [number between 1 and cap.MaxLimit]
19.ONVIF client invokes GetCredentialInfoList with parameters
• Limit := limit
• StartReference skipped
20.The DUT responds with GetCredentialInfoListResponse message with parameters
• NextStartReference =: nextStartReference
• CredentialInfo list =: credentialInfoCompleteList3
21. If credentialInfoCompleteList3 contains more CredentialInfo items than limit, FAIL the testand skip other steps.
22.Until nextStartReference is not null, repeat the following steps:
22.1. ONVIF client invokes GetCredentialInfoList with parameters
• Limit := limit
• StartReference := nextStartReference
www.onvif.org 33
ONVIF Credential Device Test Specification Version 18.12
22.2. The DUT responds with GetCredentialInfoListResponse message with parameters
• NextStartReference =: nextStartReference
• CredentialInfo list =: credentialInfoListPart
22.3. If credentialInfoListPart contains more CredentialInfo items than limit, FAIL the testand skip other steps.
22.4. Set the following:
• credentialInfoCompleteList3 := credentialInfoCompleteList3 + credentialInfoListPart
23. If credentialInfoCompleteList3 contains at least two CredentialInfo items with equal token,FAIL the test and skip other steps.
24. If credentialInfoCompleteList3 does not contain all credentials fromcredentialInfoCompleteList1, FAIL the test and skip other steps.
25. If credentialInfoCompleteList3 contains credentials other than credentials fromcredentialInfoCompleteList1, FAIL the test and skip other steps.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send GetCredentialInfoListResponse message.
4.2.4 GET CREDENTIAL INFO LIST - NO LIMIT
Test Case ID: CREDENTIAL-2-1-4
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification),GetCredentialInfoList command (ONVIF Credential Service Specification)
Feature Under Test: GetCredentialInfoList
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Credential Info List without using Limit.
Pre-Requisite: Credential Service is received from the DUT.
34 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF client invokes GetCredentialInfoList with parameters
• Limit skipped
• StartReference skipped
5. The DUT responds with GetCredentialInfoListResponse message with parameters
• NextStartReference =: nextStartReference
• CredentialInfo list =: credentialInfoCompleteList
6. If credentialInfoCompleteList contains more CredentialInfo items than cap.MaxLimit, FAILthe test and skip other steps.
7. Until nextStartReference is not null, repeat the following steps:
7.1. ONVIF client invokes GetCredentialInfoList with parameters
• Limit skipped
• StartReference := nextStartReference
7.2. The DUT responds with GetCredentialInfoListResponse message with parameters
• NextStartReference =: nextStartReference
• CredentialInfo list =: credentialInfoListPart
7.3. If credentialInfoListPart contains more CredentialInfo items than cap.MaxLimit, FAILthe test and skip other steps.
7.4. Set the following:
• credentialInfoCompleteList := credentialInfoCompleteList + credentialInfoListPart
8. If credentialInfoCompleteList contains at least two CredentialInfo items with equal token,FAIL the test.
www.onvif.org 35
ONVIF Credential Device Test Specification Version 18.12
9. If credentialInfoCompleteList contains more CredentialInfo items than cap.MaxCredentials,FAIL the test and skip other steps.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send GetCredentialInfoListResponse message.
4.2.5 GET CREDENTIAL INFO WITH INVALID TOKEN
Test Case ID: CREDENTIAL-2-1-5
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification),GetCredentialInfo command (ONVIF Credential Service Specification)
Feature Under Test: GetCredentialInfo
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Credential Info with invalid token.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete list of credential info (out credentialInfoCompleteList) byfollowing the procedure mentioned in Annex A.1.
4. Set the following:
• invalidToken := value not equal to any credentialInfoCompleteList.token
5. ONVIF client invokes GetCredentialInfo with parameters
• Token[0] := invalidToken
6. The DUT responds with GetCredentialInfoResponse message with parameters
• CredentialInfo list =: credentialInfoList
36 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
7. If credentialInfoList is not empty, FAIL the test.
8. If credentialInfoCompleteList is empty, skip other steps.
9. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
10. If cap.MaxLimit is less than 2, skip other steps.
11. ONVIF client invokes GetCredentialInfo with parameters
• Token[0] := invalidToken
• Token[1] := credentialInfoCompleteList[0].token
12.The DUT responds with GetCredentialInfoResponse message with parameters
• CredentialInfo list =: credentialInfoList
13. If credentialInfoList is empty, FAIL the test.
14. If credentialInfoList contains more than one item, FAIL the test.
15. If credentialInfoList[0].token does not equal to credentialInfoCompleteList[0].token, FAIL thetest.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send GetCredentialInfoResponse message.
4.2.6 GET CREDENTIAL INFO - TOO MANY ITEMS
Test Case ID: CREDENTIAL-2-1-6
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification),GetCredentialInfo command (ONVIF Credential Service Specification)
Feature Under Test: GetCredentialInfo
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Credential Info in case if there a more items than MaxLimit in request.
Pre-Requisite: Credential Service is received from the DUT.
www.onvif.org 37
ONVIF Credential Device Test Specification Version 18.12
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete list of credential info (out credentialInfoCompleteList) byfollowing the procedure mentioned in Annex A.1.
4. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
5. If credentialInfoCompleteList.token items number is less than cap.MaxLimit or equal tocap.MaxLimit, skip other steps.
6. Set the following:
• tokenList := [subset of credentialInfoCompleteList.token values with items number equalto cap.MaxLimit + 1]
7. ONVIF client invokes GetCredentialInfo with parameters
• Token list := tokenList
8. The DUT returns env:Sender\ter:InvalidArgs\ter:TooManyItems SOAP 1.2 fault.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send env:Sender\ter:InvalidArgs\ter:TooManyItems SOAP 1.2 fault.
4.3 Credential
4.3.1 GET CREDENTIALS
Test Case ID: CREDENTIAL-3-1-1
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification), Credential(ONVIF Credential Service Specification), GetCredentials command (ONVIF Credential ServiceSpecification)
Feature Under Test: GetCredentials
38 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Credential.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList) byfollowing the procedure mentioned in Annex A.3.
4. If credentialCompleteList is empty, skip other steps.
5. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
6. Set the following:
• tokenList := [subset of credentialCompleteList.token values with items number equal tocap.MaxLimit]
7. ONVIF client invokes GetCredentials with parameters
• Token list := tokenList
8. The DUT responds with GetCredentialsResponse message with parameters
• Credential list =: credentialList1
9. If credentialList1 does not contain Credential item for each token from tokenList, FAIL thetest and skip other steps.
10. If credentialList1 contains at least two Credential items with equal token, FAIL the test andskip other steps.
11. If credentialList1 contains other Credential items than listed in tokenList, FAIL the test andskip other steps.
12.For each Credential.token token from credentialCompleteList repeat the following steps:
12.1. ONVIF client invokes GetCredentials with parameters
• Token[0] := token
www.onvif.org 39
ONVIF Credential Device Test Specification Version 18.12
12.2. The DUT responds with GetCredentialsResponse message with parameters
• Credential list =: credentialList2
12.3. If credentialList2 does not contain only one Credential item with token equal to token,FAIL the test and skip other steps.
12.4. If credentialList2[0] item does not have equal field values tocredentialCompleteList[token = token] item, FAIL the test and skip other steps.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send GetCredentialsResponse message.
Note: If number of items in credentialCompleteList is less than cap.MaxLimit, then allcredentialCompleteList.Token items shall be used for the step 6.
Note:The following fields are compared at step 12.4:
• Credential:
• token
• Description
• CredentialHolderToken
• ValidFrom
• ValidTo
• CredentialIdentifier list (Type.Name is used as unique key for comparing)
• Type
• Name
• FormatType
• ExemptedFromAuthentication
• Value
40 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• CredentialAccessProfile list (AccessProfileToken is used as unique key for comparing)
• AccessProfileToken
• ValidFrom
• ValidTo
• Attribute list
• Name
• Value
4.3.2 GET CREDENTIAL LIST - LIMIT
Test Case ID: CREDENTIAL-3-1-2
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification), Credential(ONVIF Credential Service Specification), GetCredentialList command (ONVIF Credential ServiceSpecification)
Feature Under Test: GetCredentialList
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Credential List using Limit.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF client invokes GetCredentialList with parameters
• Limit := 1
• StartReference skipped
5. The DUT responds with GetCredentialListResponse message with parameters
www.onvif.org 41
ONVIF Credential Device Test Specification Version 18.12
• NextStartReference =: nextStartReference
• Credential list =: credentialList1
6. If credentialList1 contains more Credential items than 1, FAIL the test and skip other steps.
7. If cap.MaxLimit is equal to 1, skip other steps.
8. ONVIF client invokes GetCredentialList with parameters
• Limit := cap.MaxLimit
• StartReference skipped
9. The DUT responds with GetCredentialListResponse message with parameters
• NextStartReference =: nextStartReference
• Credential list =: credentialList2
10. If credentialList2 contains more Credential items than cap.MaxLimit, FAIL the test and skipother steps.
11. If cap.MaxLimit is equal to 2, skip other steps.
12.Set the following:
• limit := [number between 1 and cap.MaxLimit]
13.ONVIF client invokes GetCredentialList with parameters
• Limit := limit
• StartReference skipped
14.The DUT responds with GetCredentialListResponse message with parameters
• NextStartReference =: nextStartReference
• Credential list =: credentialList3
15. If credentialList3 contains more Credential items than limit, FAIL the test and skip other steps.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
42 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• DUT did not send GetCredentialListResponse message.
4.3.3 GET CREDENTIAL LIST - START REFERENCE ANDLIMIT
Test Case ID: CREDENTIAL-3-1-3
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification), Credential(ONVIF Credential Service Specification), GetCredentialList command (ONVIF Credential ServiceSpecification)
Feature Under Test: GetCredentialList
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Credential List using StartReference and Limit.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF client invokes GetCredentialList with parameters
• Limit := cap.MaxLimit
• StartReference skipped
5. The DUT responds with GetCredentialListResponse message with parameters
• NextStartReference =: nextStartReference
• Credential list =: credentialCompleteList1
6. If credentialCompleteList1 contains more Credential items than cap.MaxLimit, FAIL the testand skip other steps.
7. Until nextStartReference is not null, repeat the following steps:
7.1. ONVIF client invokes GetCredentialList with parameters
www.onvif.org 43
ONVIF Credential Device Test Specification Version 18.12
• Limit := cap.MaxLimit
• StartReference := nextStartReference
7.2. The DUT responds with GetCredentialListResponse message with parameters
• NextStartReference =: nextStartReference
• Credential list =: credentialListPart
7.3. If credentialListPart contains more Credential items than cap.MaxLimit, FAIL the testand skip other steps.
7.4. Set the following:
• credentialCompleteList1 := credentialCompleteList1 + credentialListPart
8. If credentialCompleteList1 contains at least two Credential item with equal token, FAIL thetest and skip other steps.
9. If cap.MaxLimit is equal to 1, do the following steps:
9.1. ONVIF Client retrieves a complete list of credentials (out credentialInfoCompleteList)by following the procedure mentioned in Annex A.1.
9.2. If credentialCompleteList1 does not contain all credentials fromcredentialInfoCompleteList, FAIL the test and skip other steps.
9.3. If credentialCompleteList1 contains credentials other than credentials fromcredentialInfoCompleteList, FAIL the test and skip other steps.
9.4. For each CredentialInfo.token token from credentialInfoCompleteList repeat thefollowing steps:
9.4.1. If credentialCompleteList1[token = token] item does not have equal field valuesto credentialInfoCompleteList[token = token] item, FAIL the test and skip othersteps.
9.5. Skip other steps.
10.ONVIF client invokes GetCredentialList with parameters
• Limit := 1
• StartReference skipped
11. The DUT responds with GetCredentialListResponse message with parameters
44 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• NextStartReference =: nextStartReference
• Credential list =: credentialCompleteList2
12. If credentialCompleteList2 contains more Credential items than 1, FAIL the test and skipother steps.
13.Until nextStartReference is not null, repeat the following steps:
13.1. ONVIF client invokes GetCredentialList with parameters
• Limit := 1
• StartReference := nextStartReference
13.2. The DUT responds with GetCredentialListResponse message with parameters
• NextStartReference =: nextStartReference
• Credential list =: credentialListPart
13.3. If credentialListPart contains more Credential items than 1, FAIL the test and skip othersteps.
13.4. Set the following:
• credentialCompleteList2 := credentialCompleteList2 + credentialListPart
14. If credentialCompleteList2 contains at least two Credential item with equal token, FAIL thetest and skip other steps.
15. If credentialCompleteList2 does not contain all credentials from credentialCompleteList1,FAIL the test and skip other steps.
16. If credentialCompleteList2 contains credentials other than credentials fromcredentialCompleteList1, FAIL the test and skip other steps.
17. If cap.MaxLimit is equal to 2 do the following steps:
17.1. ONVIF Client retrieves a complete list of credentials (out credentialInfoCompleteList)by following the procedure mentioned in Annex A.1.
17.2. If credentialCompleteList2 does not contain all credentials fromcredentialInfoCompleteList, FAIL the test and skip other steps.
17.3. If credentialCompleteList2 contains credentials other than credentials fromcredentialInfoCompleteList, FAIL the test and skip other steps.
www.onvif.org 45
ONVIF Credential Device Test Specification Version 18.12
17.4. For each CredentialInfo.token token from credentialInfoCompleteList repeat thefollowing steps:
17.4.1. If credentialCompleteList2[token = token] item does not have equal field valuesto credentialInfoCompleteList[token = token] item, FAIL the test and skip othersteps.
17.5. Skip other steps.
18.Set the following:
• limit := [number between 1 and cap.MaxLimit]
19.ONVIF client invokes GetCredentialList with parameters
• Limit := limit
• StartReference skipped
20.The DUT responds with GetCredentialListResponse message with parameters
• NextStartReference =: nextStartReference
• Credential list =: credentialCompleteList3
21. If credentialCompleteList3 contains more Credential items than limit, FAIL the test and skipother steps.
22.Until nextStartReference is not null, repeat the following steps:
22.1. ONVIF client invokes GetCredentialList with parameters
• Limit := limit
• StartReference := nextStartReference
22.2. The DUT responds with GetCredentialListResponse message with parameters
• NextStartReference =: nextStartReference
• Credential list =: credentialListPart
22.3. If credentialListPart contains more Credential items than limit, FAIL the test and skipother steps.
22.4. Set the following:
• credentialCompleteList3 := credentialCompleteList3 + credentialListPart
46 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
23. If credentialCompleteList3 contains at least two Credential items with equal token, FAIL thetest and skip other steps.
24. If credentialCompleteList3 does not contain all credentials from credentialCompleteList1,FAIL the test and skip other steps.
25. If credentialCompleteList3 contains credentials other than credentials fromcredentialCompleteList1, FAIL the test and skip other steps.
26.ONVIF Client retrieves a complete list of credentials (out credentialInfoCompleteList) byfollowing the procedure mentioned in Annex A.1.
27. If credentialCompleteList3 does not contain all credentials from credentialInfoCompleteList,FAIL the test and skip other steps.
28. If credentialCompleteList3 contains credentials other than credentials fromcredentialInfoCompleteList, FAIL the test and skip other steps.
29.For each CredentialInfo.token token from credentialInfoCompleteList repeat the followingsteps:
29.1. If credentialCompleteList3[token = token] item does not have equal field values tocredentialInfoCompleteList[token = token] item, FAIL the test and skip other steps.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send GetCredentialListResponse message.
Note: The following fields are compared at step 29.1:
• CredentialInfo:
• token
• Description
• CredentialHolderToken
• ValidFrom
• ValidTo
www.onvif.org 47
ONVIF Credential Device Test Specification Version 18.12
4.3.4 GET CREDENTIAL LIST - NO LIMIT
Test Case ID: CREDENTIAL-3-1-4
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification), Credential(ONVIF Credential Service Specification), GetCredentialList command (ONVIF Credential ServiceSpecification)
Feature Under Test: GetCredentialList
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Credential List without using Limit.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF client invokes GetCredentialList with parameters
• Limit skipped
• StartReference skipped
5. The DUT responds with GetCredentialListResponse message with parameters
• NextStartReference =: nextStartReference
• Credential list =: credentialCompleteList
6. If credentialCompleteList contains more Credential items than cap.MaxLimit, FAIL the testand skip other steps.
7. Until nextStartReference is not null, repeat the following steps:
7.1. ONVIF client invokes GetCredentialList with parameters
• Limit skipped
48 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• StartReference := nextStartReference
7.2. The DUT responds with GetCredentialListResponse message with parameters
• NextStartReference =: nextStartReference
• Credential list =: credentialListPart
7.3. If credentialListPart contains more Credential items than cap.MaxLimit, FAIL the testand skip other steps.
7.4. Set the following:
• credentialCompleteList := credentialCompleteList + credentialListPart
8. If credentialCompleteList contains at least two Credential item with equal token, FAIL thetest.
9. ONVIF Client retrieves a complete list of credentials (out credentialInfoCompleteList) byfollowing the procedure mentioned in Annex A.1.
10. If credentialCompleteList does not contain all credentials from credentialInfoCompleteList,FAIL the test and skip other steps.
11. If credentialCompleteList contains credentials other than credentials fromcredentialInfoCompleteList, FAIL the test and skip other steps.
12.For each CredentialInfo.token token from credentialInfoCompleteList repeat the followingsteps:
12.1. If credentialCompleteList[token = token] item does not have equal field values tocredentialInfoCompleteList[token = token] item, FAIL the test and skip other steps.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send GetCredentialListResponse message.
Note: The following fields are compared at step 12.1:
• CredentialInfo:
• token
www.onvif.org 49
ONVIF Credential Device Test Specification Version 18.12
• Description
• CredentialHolderToken
• ValidFrom
• ValidTo
4.3.5 CREATE CREDENTIAL (ENABLED)
Test Case ID: CREDENTIAL-3-1-5
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification), Credential(ONVIF Credential Service Specification), CreateCredential command (ONVIF Credential ServiceSpecification)
Feature Under Test: CreateCredential
WSDL Reference: credential.wsdl, accessrules.wsdl, and event.wsdl
Test Purpose: To verify creation of enabled credential and generating of appropriate notifications.
Pre-Requisite: Credential Service is received from the DUT. Event Service was received from theDUT. Access Rules Service is received from the DUT. The DUT shall have enough free storagecapacity for one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList1) byfollowing the procedure mentioned in Annex A.3.
5. ONVIF Client checks free storage for additional Credential (in credentialCompleteList1, outcredentialToRestore, stateToRestore) by following the procedure mentioned in Annex A.7.
6. ONVIF Client retrieves a complete list of access profile (out accessProfileCompleteList) byfollowing the procedure mentioned in Annex A.5.
50 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
7. ONVIF Client retrieves supported Credential identifier type name (incap.SupportedIdentifierType) (out typeName) with corresponding Credential identifierFormat Type (out formatType) and credential identifier value (out value) by following theprocedure mentioned in Annex A.15.
8. ONVIF Client invokes CreatePullPointSubscription with parameters
• Filter.TopicExpression := "tns1:Configuration/Credential/Changed"
9. The DUT responds with a CreatePullPointSubscriptionResponse message withparameters
• SubscriptionReference =: s
• CurrentTime =: ct
• TerminationTime =: tt
10.ONVIF client invokes CreateCredential with parameters
• Credential.token := ""
• Credential.Description := "Test Description"
• Credential.CredentialHolderReference := "TestUser"
• Credential.ValidFrom skipped
• Credential.ValidTo skipped
• Credential.CredentialIdentifier[0].Type.Name := typeName
• Credential.CredentialIdentifier[0].Type.FormatType := formatType
• Credential.CredentialIdentifier[0].ExemptedFromAuthentication := true if cap.Extensioncontains SupportedExemptionType element with value = pt:ExemptFromAuthentication,otherwice false
• Credential.CredentialIdentifier[0].Value := value
• Credential.CredentialAccessProfile.AccessProfileToken :=accessProfileCompleteList[0].token or skipped (if accessProfileCompleteList is empty)
• Credential.CredentialAccessProfile.ValidFrom skipped
• Credential.CredentialAccessProfile.ValidTo skipped
• Credential.Extension skipped
www.onvif.org 51
ONVIF Credential Device Test Specification Version 18.12
• State.Enabled := true
• State.Reason := "Test Reason"
• State.AntipassbackState.AntipassbackViolated := false ifcap.ResetAntipassbackSupported value is equal to true, otherwiseState.AntipassbackState is skipped
11. The DUT responds with CreateCredentialResponse message with parameters
• Token =: credentialToken
12.Until oprationDelay timeout expires, repeat the following steps:
12.1. ONVIF Client waits for time t := min{(tt-ct)/2, 1 second}.
12.2. ONVIF Client invokes PullMessages to the subscription endpoint s with parameters
• Timeout := PT60S
• MessageLimit := 1
12.3. The DUT responds with PullMessagesResponse message with parameters
• CurrentTime =: ct
• TerminationTime =: tt
• NotificationMessage =: m
12.4. If m is not null and the TopicExpression item in m is not equal to "tns1:Configuration/Credential/Changed", FAIL the test and go to the step 24.
12.5. If m is not null and does not contain Source.SimpleItem item with Name ="CredentialToken" and Value = credentialToken, FAIL the test and go to the step 24.
12.6. If m is not null and contains Source.SimpleItem item with Name = "CredentialToken"and Value = credentialToken, go to the step 13.
13. If oprationDelay timeout expires for step 12 without Notification with CredentialToken sourcesimple item equal to credentialToken, FAIL the test and go to the step 24.
14.ONVIF Client retrieves a credential (in credentialToken, out credentialList) by following theprocedure mentioned in Annex A.8.
15. If credentialList[0] item does not have equal field values to values from step 10, FAIL thetest and go step 24.
52 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
16.ONVIF Client retrieves a credential info (in credentialToken, out credentialInfoList) byfollowing the procedure mentioned in Annex A.9.
17. If credentialInfoList[0] item does not have equal field values to values from step 9, FAIL thetest and go step 24.
18.ONVIF Client retrieves a complete credential information list (outcredentialInfoCompleteList) by following the procedure mentioned in Annex A.1.
19. If credentialInfoCompleteList does not have credentialInfo.[token = credentialToken] itemwith equal field values to values from step 9, FAIL the test and go step 24.
20.ONVIF Client retrieves a complete list of credentials (out credentialCompleteList2) byfollowing the procedure mentioned in Annex A.3.
21. If credentialCompleteList2 does not have credential.[token = credentialToken] item withequal field values to values from step 10, FAIL the test and go step 24.
22.ONVIF client retrieves credential state (in credentialToken, out credentialState) by followingthe procedure mentioned in Annex A.13.
23.Check the following:
23.1. If credentialState[0].Enabled equal to false, FAIL the test and go step 24.
23.2. If credentialState[0].Reason does not equal to "Test Reason" or missed, FAIL the testand go step 24.
23.3. If cap.ResetAntipassbackSupported value is equal to true check the following:
23.3.1. If credentialState[0] does not contain AntipassbackState element, FAIL the testand go step 24.
23.3.2. If credentialState[0].AntipassbackState.AntipassbackViolated equal to true,FAIL the test and go step 24.
24.ONVIF Client deletes the Credential (in credentialToken) by following the procedurementioned in Annex A.6 to restore DUT configuration.
25. If there was credential deleted at step 4, restore it (in credentialToRestore, stateToReastore)by following the procedure mentioned in Annex A.10 to restore DUT configuration.
26.ONVIF Client sends an Unsubscribe to the subscription endpoint s.
27.The DUT responds with UnsubscribeResponse message.
Test Result:
www.onvif.org 53
ONVIF Credential Device Test Specification Version 18.12
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetCredentialsResponse message.
• The DUT did not send CreatePullPointSubscriptionResponse message.
• The DUT did not send CreateCredentialResponse message.
• The DUT did not send PullMessagesResponse message.
• The DUT did not send UnsubscribeResponse message.
Note: oprationDelay will be taken from Operation Delay field of ONVIF Device Test Tool.
Note: The following fields are compared at steps 15, 21:
• Credential:
• token
• Description
• CredentialHolderToken
• ValidFrom
• ValidTo
• CredentialIdentifier list (Type.Name is used as unique key for comparing)
• Type
• Name
• FormatType
• ExemptedFromAuthentication
• Value
• CredentialAccessProfile list (AccessProfileToken is used as unique key for comparing)
• AccessProfileToken
• ValidFrom
54 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• ValidTo
• Attribute list
• Name
• Value
Note: The following fields are compared at steps 17, 19:
• CredentialInfo:
• token
• Description
• CredentialHolderToken
• ValidFrom
• ValidTo
4.3.6 CREATE CREDENTIAL (DISABLED)
Test Case ID: CREDENTIAL-3-1-6
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification), Credential(ONVIF Credential Service Specification), CreateCredential command (ONVIF Credential ServiceSpecification)
Feature Under Test: CreateCredential
WSDL Reference: credential.wsdl, accessrules.wsdl, and event.wsdl
Test Purpose: To verify creation of disabled credential and generating of appropriate notifications.
Pre-Requisite: Credential Service is received from the DUT. Event Service was received from theDUT. Access Rules Service is received from the DUT. The DUT shall have enough free storagecapacity for one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
www.onvif.org 55
ONVIF Credential Device Test Specification Version 18.12
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList1) byfollowing the procedure mentioned in Annex A.3.
5. ONVIF Client checks free storage for additional Credential (in credentialCompleteList1, outcredentialToRestore, stateToReastore) by following the procedure mentioned in Annex A.7.
6. ONVIF Client retrieves a complete list of access profile (out accessProfileCompleteList) byfollowing the procedure mentioned in Annex A.5.
7. ONVIF Client retrieves supported Credential identifier type name (incap.SupportedIdentifierType) (out typeName) with corresponding Credential identifierFormat Type (out formatType) and credential identifier value (out value) by following theprocedure mentioned in Annex A.15.
8. ONVIF Client invokes CreatePullPointSubscription with parameters
• Filter.TopicExpression := "tns1:Configuration/Credential/Changed"
9. The DUT responds with a CreatePullPointSubscriptionResponse message withparameters
• SubscriptionReference =: s
• CurrentTime =: ct
• TerminationTime =: tt
10.ONVIF client invokes CreateCredential with parameters
• Credential.token := ""
• Credential.Description := "Test Description"
• Credential.CredentialHolderReference := "TestUser"
• Credential.ValidFrom skipped
• Credential.ValidTo skipped
• Credential.CredentialIdentifier[0].Type.Name := typeName
• Credential.CredentialIdentifier[0].Type.FormatType := formatType
56 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• Credential.CredentialIdentifier[0].ExemptedFromAuthentication := true if cap.Extensioncontains SupportedExemptionType element with value = pt:ExemptFromAuthentication,otherwice false
• Credential.CredentialIdentifier[0].Value := value
• Credential.CredentialAccessProfile.AccessProfileToken :=accessProfileCompleteList[0].token or skipped (if accessProfileCompleteList is empty)
• Credential.CredentialAccessProfile.ValidFrom skipped
• Credential.CredentialAccessProfile.ValidTo skipped
• Credential.Extension skipped
• State.Enabled := false
• State.Reason := "Test Reason"
• State.AntipassbackState.AntipassbackViolated := false ifcap.ResetAntipassbackSupported value is equal to true, otherwiseState.AntipassbackState is skipped
11. The DUT responds with CreateCredentialResponse message with parameters
• Token =: credentialToken
12.Until oprationDelay timeout expires, repeat the following steps:
12.1. ONVIF Client waits for time t := min{(tt-ct)/2, 1 second}.
12.2. ONVIF Client invokes PullMessages to the subscription endpoint s with parameters
• Timeout := PT60S
• MessageLimit := 1
12.3. The DUT responds with PullMessagesResponse message with parameters
• CurrentTime =: ct
• TerminationTime =: tt
• NotificationMessage =: m
12.4. If m is not null and the TopicExpression item in m is not equal to "tns1:Configuration/Credential/Changed", FAIL the test and go to the step 24.
www.onvif.org 57
ONVIF Credential Device Test Specification Version 18.12
12.5. If m is not null and does not contain Source.SimpleItem item with Name ="CredentialToken" and Value = credentialToken, FAIL the test and go to the step 24.
12.6. If m is not null and contains Source.SimpleItem item with Name = "CredentialToken"and Value = credentialToken, go to the step 14.
13. If oprationDelay timeout expires for step 12 without Notification with CredentialToken sourcesimple item equal to credentialToken, FAIL the test and go to the step 24.
14.ONVIF Client retrieves a credential (in credentialToken, out credentialList) by following theprocedure mentioned in Annex A.8.
15. If credentialList[0] item does not have equal field values to values from step 10, FAIL thetest and go step 24.
16.ONVIF Client retrieves a credential info (in credentialToken, out credentialInfoList) byfollowing the procedure mentioned in Annex A.9.
17. If credentialInfoList[0] item does not have equal field values to values from step 10, FAILthe test and go step 24.
18.ONVIF Client retrieves a complete credential information list (outcredentialInfoCompleteList) by following the procedure mentioned in Annex A.1.
19. If credentialInfoCompleteList does not have credentialInfo[token = credentialToken] itemwith equal field values to values from step 10, FAIL the test and go step 24.
20.ONVIF Client retrieves a complete list of credentials (out credentialCompleteList2) byfollowing the procedure mentioned in Annex A.3.
21. If credentialCompleteList2 does not have credential.[token = credentialToken] item withequal field values to values from step 10, FAIL the test and go step 24.
22.ONVIF client retrieves credential state (in credentialToken, out credentialState) by followingthe procedure mentioned in Annex A.13.
23.Check the following:
23.1. If credentialState[0].Enabled equal to true, FAIL the test and go step 24.
23.2. If credentialState[0].Reason does not equal to "Test Reason" or missed, FAIL the testand go step 24.
23.3. If cap.ResetAntipassbackSupported value is equal to true check the following:
23.3.1. If credentialState[0] does not contain AntipassbackState element, FAIL the testand go step 24.
58 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
23.3.2. If credentialState[0].AntipassbackState.AntipassbackViolated equal to true,FAIL the test and go step 24.
24.ONVIF Client deletes the Credential (in credentialToken) by following the procedurementioned in Annex A.6 to restore DUT configuration.
25. If there was credential deleted at step 4, restore it (in credentialToRestore, stateToReastore)by following the procedure mentioned in Annex A.10 to restore DUT configuration.
26.ONVIF Client sends an Unsubscribe to the subscription endpoint s.
27.The DUT responds with UnsubscribeResponse message.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetCredentialsResponse message.
• The DUT did not send CreatePullPointSubscriptionResponse message.
• The DUT did not send CreateCredentialResponse message.
• The DUT did not send PullMessagesResponse message.
• The DUT did not send UnsubscribeResponse message.
Note: oprationDelay will be taken from Operation Delay field of ONVIF Device Test Tool.
Note: The following fields are compared at steps 15, 21:
• Credential:
• token
• Description
• CredentialHolderToken
• ValidFrom
• ValidTo
• CredentialIdentifier list (Type.Name is used as unique key for comparing)
www.onvif.org 59
ONVIF Credential Device Test Specification Version 18.12
• Type
• Name
• FormatType
• ExemptedFromAuthentication
• Value
• CredentialAccessProfile list (AccessProfileToken is used as unique key for comparing)
• AccessProfileToken
• ValidFrom
• ValidTo
• Attribute list
• Name
• Value
Note: The following fields are compared at steps 17, 19:
• CredentialInfo:
• token
• Description
• CredentialHolderToken
• ValidFrom
• ValidTo
4.3.7 MODIFY CREDENTIAL
Test Case ID: CREDENTIAL-3-1-7
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification), Credential(ONVIF Credential Service Specification), ModifyCredential command (ONVIF Credential ServiceSpecification)
Feature Under Test: ModifyCredential
60 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
WSDL Reference: credential.wsdl, accessrules.wsdl, and event.wsdl
Test Purpose: To verify modifying of credential with different states and generating of appropriatenotifications.
Pre-Requisite: Credential Service is received from the DUT. Event Service was received from theDUT. Access Rules Service is received from the DUT. The DUT shall have enough free storagecapacity for one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList1) byfollowing the procedure mentioned in Annex A.3.
4. ONVIF Client checks free storage for additional Credential (in credentialCompleteList1, outcredentialToRestore, stateToReastore) by following the procedure mentioned in Annex A.7.
5. ONVIF Client retrieves a complete list of access profiles (out accessProfileCompleteList) byfollowing the procedure mentioned in Annex A.5.
6. ONVIF Client creates credential with ExemptedFromAuthentication equal to false (in false),with Credential identifier item (out typeName) with corresponding Credential identifierFormat Type (out formatType) and corresponding credential identifier value (out value) andwith credential token (out credentialToken) by following the procedure mentioned in AnnexA.11.
7. ONVIF Client invokes CreatePullPointSubscription with parameters
• Filter.TopicExpression := "tns1:Configuration/Credential/Changed"
8. The DUT responds with a CreatePullPointSubscriptionResponse message withparameters
• SubscriptionReference =: s
• CurrentTime =: ct
• TerminationTime =: tt
9. ONVIF client invokes ModifyCredential with parameters
www.onvif.org 61
ONVIF Credential Device Test Specification Version 18.12
• Credential.Token := credentialToken
• Credential.Description := "Test Description 2"
• Credential.CredentialHolderReference := "TestUser 2"
• Credential.ValidFrom skipped
• Credential.ValidTo skipped
• Credential.CredentialIdentifier[0].Type.Name := typeName
• Credential.CredentialIdentifier[0].Type.FormatType := formatType
• Credential.CredentialIdentifier[0].ExemptedFromAuthentication := true if cap.Extensioncontains SupportedExemptionType element with value = pt:ExemptFromAuthentication,otherwice false
• Credential.CredentialIdentifier[0].Value := value
• Credential.CredentialAccessProfile.AccessProfileToken :=accessProfileCompleteList[0].token or skipped (if accessProfileCompleteList is empty)
• Credential.CredentialAccessProfile.ValidFrom skipped
• Credential.CredentialAccessProfile.ValidTo skipped
• Credential.Extension skipped
10.The DUT responds with empty ModifyCredentialResponse message.
11. Until oprationDelay timeout expires, repeat the following steps:
11.1. ONVIF Client waits for time t := min{(tt-ct)/2, 1 second}.
11.2. ONVIF Client invokes PullMessages to the subscription endpoint s with parameters
• Timeout := PT60S
• MessageLimit := 1
11.3. The DUT responds with PullMessagesResponse message with parameters
• CurrentTime =: ct
• TerminationTime =: tt
• NotificationMessage =: m
62 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
11.4. If m is not null and the TopicExpression item in m is not equal to "tns1:Configuration/Credential/Changed", FAIL the test and go to the step 21.
11.5. If m is not null and does not contain Source.SimpleItem item with Name ="CredentialToken" and Value = credentialToken, FAIL the test and go to the step 1.
11.6. If m is not null and contains Source.SimpleItem item with Name = "CredentialToken"and Value = credentialToken, go to the step 13.
12. If oprationDelay timeout expires for step 11 without Notification with CredentialToken sourcesimple item equal to credentialToken, FAIL the test and go to the step 21.
13.ONVIF Client retrieves a credential (in credentialToken, out credentialList) by following theprocedure mentioned in Annex A.8.
14. If credentialList[0] item does not have equal field values to values from step 9, FAIL the testand go step 21.
15.ONVIF Client retrieves a credential info (in credentialToken, out credentialInfoList) byfollowing the procedure mentioned in Annex A.9.
16. If credentialInfoList[0] item does not have equal field values to values from step 9, FAIL thetest and go step 21.
17.ONVIF Client retrieves a complete credential information list (outcredentialInfoCompleteList) by following the procedure mentioned in Annex A.1.
18. If credentialInfoCompleteList does not have credentialInfo.[token:= credentialToken] itemwith equal field values to values from step 9, FAIL the test and go step 21.
19.ONVIF Client retrieves a complete list of credentials (out credentialCompleteList2) byfollowing the procedure mentioned in Annex A.3.
20. If credentialCompleteList2 does not have credential.[token:= credentialToken] item withequal field values to values from step 9, FAIL the test and go step 22.
21.ONVIF Client deletes the Credential (in credentialToken) by following the procedurementioned in Annex A.6 to restore DUT configuration.
22. If there was credential deleted at step 4, restore it (in credentialToRestore, stateToReastore)by following the procedure mentioned in Annex A.10 to restore DUT configuration.
23.ONVIF Client sends an Unsubscribe to the subscription endpoint s.
24.The DUT responds with UnsubscribeResponse message.
www.onvif.org 63
ONVIF Credential Device Test Specification Version 18.12
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetCredentialsResponse message.
• The DUT did not send CreatePullPointSubscriptionResponse message.
• The DUT did not send ModifyCredentialResponse message.
• The DUT did not send PullMessagesResponse message.
• The DUT did not send UnsubscribeResponse message.
Note: oprationDelay will be taken from Operation Delay field of ONVIF Device Test Tool.
Note: The following fields are compared at steps 18, 20:
• Credential:
• token
• Description
• CredentialHolderToken
• ValidFrom
• ValidTo
• CredentialIdentifier list (Type.Name is used as unique key for comparing)
• Type
• Name
• FormatType
• ExemptedFromAuthentication
• Value
• CredentialAccessProfile list (AccessProfileToken is used as unique key for comparing)
• AccessProfileToken
64 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• ValidFrom
• ValidTo
• Attribute list
• Name
• Value
Note: The following fields are compared at steps 14, 16:
• CredentialInfo:
• token
• Description
• CredentialHolderToken
• ValidFrom
• ValidTo
4.3.8 DELETE CREDENTIAL
Test Case ID: CREDENTIAL-3-1-8
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification), Credential(ONVIF Credential Service Specification), DeleteCredential command (ONVIF Credential ServiceSpecification)
Feature Under Test: DeleteCredential
WSDL Reference: credential.wsdl and event.wsdl
Test Purpose: To verify deleting of credential and generating of appropriate notifications.
Pre-Requisite: Credential Service is received from the DUT. Event Service was received from theDUT. The DUT shall have enough free storage capacity for one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
www.onvif.org 65
ONVIF Credential Device Test Specification Version 18.12
3. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList1) byfollowing the procedure mentioned in Annex A.3.
4. ONVIF Client checks free storage for additional Credential (in credentialCompleteList1, outcredentialToRestore, stateToRestore) by following the procedure mentioned in Annex A.7.
5. ONVIF Client creates credential (in false, out credentialToken) by following the procedurementioned in Annex A.11.
6. ONVIF Client invokes CreatePullPointSubscription with parameters
• Filter.TopicExpression := "tns1:Configuration/Credential/Removed"
7. The DUT responds with a CreatePullPointSubscriptionResponse message withparameters
• SubscriptionReference =: s
• CurrentTime =: ct
• TerminationTime =: tt
8. ONVIF Client invokes DeleteCredential with parameters
• Token := credentialToken
9. The DUT responds with empty DeleteCredentialResponse message.
10.Until oprationDelay timeout expires, repeat the following steps:
10.1. ONVIF Client waits for time t := min{(tt-ct)/2, 1 second}.
10.2. ONVIF Client invokes PullMessages to the subscription endpoint s with parameters
• Timeout := PT60S
• MessageLimit := 1
10.3. The DUT responds with PullMessagesResponse message with parameters
• CurrentTime =: ct
• TerminationTime =: tt
• NotificationMessage =: m
10.4. If m is not null and the TopicExpression item in m is not equal to "tns1:Configuration/Credential/Removed", FAIL the test and go to the step 21.
66 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
10.5. If m is not null and does not contain Source.SimpleItem item with Name ="CredentialToken" and Value = credentialToken, FAIL the test and go to the step 20.
10.6. If m is not null and contains Source.SimpleItem item with Name = "CredentialToken"and Value = credentialToken, go to the step 12.
11. If oprationDelay timeout expires for step 10 without Notification with CredentialToken sourcesimple item equal to credentialToken, FAIL the test and go to the step 20.
12.ONVIF Client retrieves a credential (in credentialToken, out credentialList) by following theprocedure mentioned in Annex A.8.
13. If credentialList is not empty, FAIL the test and go step 20.
14.ONVIF Client retrieves a credential info (in credentialToken, out credentialInfoList) byfollowing the procedure mentioned in Annex A.9.
15. If credentialInfoList is not empty, FAIL the test and go step 20.
16.ONVIF Client retrieves a complete credential information list (outcredentialInfoCompleteList) by following the procedure mentioned in Annex A.1.
17. If credentialInfoCompleteList contains credentialInfo.[token:= credentialToken] item, FAILthe test and go step 20.
18.ONVIF Client retrieves a complete list of credentials (out credentialCompleteList2) byfollowing the procedure mentioned in Annex A.3.
19. If credentialCompleteList2 contains credential.[token:= credentialToken] item, FAIL the testand go step 20.
20. If there was credential deleted at step 4, restore it (in credentialToRestore, stateToReastore)by following the procedure mentioned in Annex A.10 to restore DUT configuration.
21.ONVIF Client sends an Unsubscribe to the subscription endpoint s.
22.The DUT responds with UnsubscribeResponse message.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetCredentialsResponse message.
www.onvif.org 67
ONVIF Credential Device Test Specification Version 18.12
• The DUT did not send CreatePullPointSubscriptionResponse message.
• The DUT did not send DeleteCredentialResponse message.
• The DUT did not send PullMessagesResponse message.
• The DUT did not send UnsubscribeResponse message.
Note: oprationDelay will be taken from Operation Delay field of ONVIF Device Test Tool.
4.3.9 GET CREDENTIALS WITH INVALID TOKEN
Test Case ID: CREDENTIAL-3-1-9
Specification Coverage: Credential (ONVIF Credential Service Specification), GetCredentialscommand (ONVIF Credential Service Specification)
Feature Under Test: GetCredentials
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Credential with invalid token.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete list of credential info (out credentialInfoCompleteList) byfollowing the procedure mentioned in Annex A.1.
4. Set the following:
• invalidToken := value not equal to any credentialInfoCompleteList.token
5. ONVIF client invokes GetCredentials with parameters
• Token[0] := invalidToken
6. The DUT responds with GetCredentialsResponse message with parameters
• Credential list =: credentialsList
68 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
7. If credentialsList is not empty, FAIL the test.
8. If credentialInfoCompleteList is empty, skip other steps.
9. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
10. If cap.MaxLimit is less than 2, skip other steps.
11. ONVIF client invokes GetCredentials with parameters
• Token[0] := invalidToken
• Token[1] := credentialInfoCompleteList[0].token
12.The DUT responds with GetCredentialsResponse message with parameters
• CredentialInfo list =: credentialsList
13. If credentialsList is empty, FAIL the test.
14. If credentialsList contains more than one item, FAIL the test.
15. If credentialsList[0].token does not equal to credentialInfoCompleteList[0].token, FAIL thetest.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send GetCredentialsResponse message.
4.3.10 GET CREDENTIALS - TOO MANY ITEMS
Test Case ID: CREDENTIAL-3-1-10
Specification Coverage: Credential (ONVIF Credential Service Specification), GetCredentialscommand (ONVIF Credential Service Specification)
Feature Under Test: GetCredentials
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Credential in case if there a more items than MaxLimit in request.
www.onvif.org 69
ONVIF Credential Device Test Specification Version 18.12
Pre-Requisite: Credential Service is received from the DUT. Test Configuration: ONVIF Client andDUT
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList) byfollowing the procedure mentioned in Annex A.3.
4. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
5. If credentialInfoCompleteList.token items number is less than cap.MaxLimit or equal tocap.MaxLimit, skip other steps.
6. Set the following:
• tokenList := [subset of credentialCompleteList.token values with items number equal tocap.MaxLimit + 1]
7. ONVIF client invokes GetCredentials with parameters
• Token list := tokenList
8. The DUT returns env:Sender\ter:InvalidArgs\ter:TooManyItems SOAP 1.2 fault.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send env:Sender\ter:InvalidArgs\ter:TooManyItems SOAP 1.2 fault
4.3.11 CREATE CREDENTIAL - NOT EMPTY CREDENTIALTOKEN
Test Case ID: CREDENTIAL-3-1-11
Specification Coverage: CreateCredential command (ONVIF Credential Service Specification)
70 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Feature Under Test: CreateCredential
WSDL Reference: credential.wsdl
Test Purpose: To verify Create Credential with not Empty Token Verification.
Pre-Requisite: Credential Service is received from the DUT. The DUT shall have enough freestorage capacity for one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF Client retrieves supported Credential identifier type name (incap.SupportedIdentifierType) (out typeName) with corresponding Credential identifierFormat Type (out formatType) and credential identifier value (out value) by following theprocedure mentioned in Annex A.15.
5. ONVIF client invokes CreateCredential with parameters
• Credential.token := "CredentialToken"
• Credential.Description := "Test Description"
• Credential.CredentialHolderReference := "TestUser"
• Credential.ValidFrom skipped
• Credential.ValidTo skipped
• Credential.CredentialIdentifier[0].Type.Name := typeName
• Credential.CredentialIdentifier[0].Type.FormatType := formatType
• Credential.CredentialIdentifier[0].ExemptedFromAuthentication := false
• Credential.CredentialIdentifier[0].Value := value
• Credential.CredentialAccessProfile.AccessProfileToken skipped
• State.Enabled := true
www.onvif.org 71
ONVIF Credential Device Test Specification Version 18.12
• State.Reason := "Test Reason"
• State.AntipassbackState.AntipassbackViolated := false ifcap.ResetAntipassbackSupported value is equal to true, otherwiseState.AntipassbackState is skipped
6. The DUT returns env:Sender\ter:InvalidArgVal SOAP 1.2 fault.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send env:Sender\ter:InvalidArgVal SOAP 1.2 fault.
4.3.12 MODIFY CREDENTIAL WITH INVALID TOKEN
Test Case ID: CREDENTIAL-3-1-12
Specification Coverage: ModifyCredential command (ONVIF Credential Service Specification)
Feature Under Test: ModifyCredential
WSDL Reference: credential.wsdl
Test Purpose: To verify modifying of credential with invalid token.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF Client retrieves a complete list of credential info (out credentialInfoCompleteList) byfollowing the procedure mentioned in Annex A.1.
5. ONVIF Client retrieves supported Credential identifier type name (incap.SupportedIdentifierType) (out typeName) with corresponding Credential identifier
72 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Format Type (out formatType) and credential identifier value (out value) by following theprocedure mentioned in Annex A.15.
6. Set the following:
• invalidToken := value not equal to any credentialInfoCompleteList.token
7. ONVIF client invokes ModifyCredential with parameters
• Credential.Token := invalidToken
• Credential.Description := "Test Description"
• Credential.CredentialHolderReference := "TestUser"
• Credential.ValidFrom skipped
• Credential.ValidTo skipped
• Credential.CredentialIdentifier[0].Type.Name := typeName
• Credential.CredentialIdentifier[0].Type.FormatType := formatType
• Credential.CredentialIdentifier[0].ExemptedFromAuthentication := false
• Credential.CredentialIdentifier[0].Value := value
• Credential.CredentialAccessProfile.AccessProfileToken skipped
• Credential.Extension skipped
8. The DUT returns env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault
Note: If the DUT sends other SOAP 1.2 fault message than specified, log WARNING message,and PASS the test.
4.3.13 DELETE CREDENTIAL WITH INVALID TOKEN
Test Case ID: CREDENTIAL-3-1-13
www.onvif.org 73
ONVIF Credential Device Test Specification Version 18.12
Specification Coverage: DeleteCredential command (ONVIF Credential Service Specification)
Feature Under Test: DeleteCredential
WSDL Reference: credential.wsdl
Test Purpose: To verify deleting of credential with invalid token.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete list of credential info (out credentialInfoCompleteList) byfollowing the procedure mentioned in Annex A.1.
4. Set the following:
• invalidToken := value not equal to any credentialInfoCompleteList.token
5. ONVIF Client invokes DeleteCredential with parameters
• Token := invalidToken
6. The DUT returns env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault
Note: If the DUT sends other SOAP 1.2 fault message than specified, log WARNING message,and PASS the test.
4.3.14 CREATE CREDENTIAL - VALIDITY VALUES
Test Case ID: CREDENTIAL-3-1-14
74 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification), Credential(ONVIF Credential Service Specification), CreateCredential command (ONVIF Credential ServiceSpecification)
Feature Under Test: CreateCredential
WSDL Reference: credential.wsdl and accessrules.wsdl
Test Purpose: To verify creation of credential with credential validity and with credential accessprofile validity.
Pre-Requisite: Credential Service is received from the DUT. Access Rules Service is receivedfrom the DUT. CredentialValiditySupported is supported by the DUT as indicated by theCapabilities.CredentialValiditySupported capability or CredentialAccessProfileValiditySupported issupported by the DUT as indicated by the Capabilities.CredentialAccessProfileValiditySupportedcapability. The DUT shall have enough free storage capacity for one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF Client retrieves a complete list of access profile (out accessProfileCompleteList) byfollowing the procedure mentioned in Annex A.5.
5. ONVIF Client retrieves supported Credential identifier type name (incap.SupportedIdentifierType) (out typeName) with corresponding Credential identifierFormat Type (out formatType) and credential identifier value (out value) by following theprocedure mentioned in Annex A.15.
6. Set the following:
• credentialValidFrom:= value of current time
• credentialValidTo:= credentialValidFrom + one year
• accessProfileValidFrom := value of current time + 24 h
• accessProfileValidTo := accessProfileValidFrom + one year
7. ONVIF client invokes CreateCredential with parameters
www.onvif.org 75
ONVIF Credential Device Test Specification Version 18.12
• Credential.token := ""
• Credential.Description := "Test Description"
• Credential.CredentialHolderReference := "TestUser"
• Credential.ValidFrom := credentialValidFrom if cap.CredentialValiditySupported value isequal to true or skipped if cap.CredentialValiditySupported value is equal to false
• Credential.ValidTo := credentialValidTo if cap.CredentialValiditySupported value is equalto true or skipped if cap.CredentialValiditySupported value is equal to false
• Credential.CredentialIdentifier[0].Type.Name := typeName
• Credential.CredentialIdentifier[0].Type.FormatType := formatType
• Credential.CredentialIdentifier[0].ExemptedFromAuthentication := false
• Credential.CredentialIdentifier[0].Value := value
• Credential.CredentialAccessProfile[0] is skipped if accessProfileCompleteList is empty orif cap.CredentialAccessProfileValiditySupported is equal to false
• Credential.CredentialAccessProfile[0].AccessProfileToken :=accessProfileCompleteList[0].token
• Credential.CredentialAccessProfile[0].ValidFrom := accessProfileValidFrom
• Credential.CredentialAccessProfile[0].ValidTo := accessProfileValidTo
• State.Enabled := false
• State.Reason := "Test Reason"
• State.AntipassbackState.AntipassbackViolated := false ifcap.ResetAntipassbackSupported value is equal to true, otherwiseState.AntipassbackState is skipped
8. The DUT responds with CreateCredentialResponse message with parameters
• Token =: credentialToken
9. ONVIF Client retrieves a credential (in credentialToken, out credentialList) by following theprocedure mentioned in Annex A.8.
10.ONVIF Client retrieves a credential info (in credentialToken, out credentialInfoList) byfollowing the procedure mentioned in Annex A.9.
76 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
11. If cap.ValiditySupportsTimeValue is equal to true, check the following:
11.1. If credentialList[0].Credential.ValidFrom value does not equal to credentialValidFrom,FAIL the test and go step 13.
11.2. If credentialList[0].Credential.ValidTo value does not equal to credentialValidTo, FAILthe test and go step 13.
11.3. If credentialList[0].CredentialAccessProfile[0].ValidFrom value does not equal toaccessProfileValidFrom, FAIL the test and go step 13.
11.4. If credentialList[0].CredentialAccessProfile[0].ValidTo value does not equal toaccessProfileValidTo, FAIL the test and go step 13.
11.5. If credentialInfoList[0].CredentialInfo.ValidFrom value does not equal tocredentialValidFrom, FAIL the test and go step 13.
11.6. If credentiaIInfoList[0].CredentialInfo.ValidTo value does not equal tocredentialValidTo, FAIL the test and go step 13.
12. If cap.ValiditySupportsTimeValue is equal to false, check the following:
12.1. If credentialList[0].Credential.ValidFrom value contains data component that does notequal to data component of credentialValidFrom, FAIL the test and go step 13.
12.2. If credentialList[0].Credential.ValidTo value contains data component that does notequal to data component of credentialValidTo, FAIL the test and go step 13.
12.3. If credentialList[0].CredentialAccessProfile[0].ValidFrom value contains datacomponent that does not equal to data component of accessProfileValidFrom, FAILthe test and go step 13.
12.4. If credentialList[0].CredentialAccessProfile[0].ValidTo value contains data componentthat does not equal to data component of accessProfileValidTo, FAIL the test and gostep 13.
12.5. If credentialInfoList[0].CredentialInfo.ValidFrom value contains data component thatdoes not equal to data component of credentialValidFrom, FAIL the test and go step 13.
12.6. If credentialInfoList[0].CredentialInfo.ValidTo value contains data component that doesnot equal to data component of credentialValidTo, FAIL the test and go step 13.
13.ONVIF Client deletes the Credential (in credentialToken) by following the procedurementioned in Annex A.6 to restore DUT configuration.
Test Result:
www.onvif.org 77
ONVIF Credential Device Test Specification Version 18.12
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send CreateCredentialResponse message.
Note: The ONVIF Client sets and compares values of Credential.ValidFrom, Credential.ValidTo,CredentialAccessProfile.ValidFrom, and CredentialAccessProfile.ValidTo accurate to a second.
4.3.15 MODIFY CREDENTIAL - VALIDITY VALUES
Test Case ID: CREDENTIAL-3-1-15
Specification Coverage: ModifyCredential command (ONVIF Credential Service Specification)
Feature Under Test: ModifyCredential
WSDL Reference: credential.wsdl and accessrules.wsdl
Test Purpose: To verify creation of credential with credential validity and with credential accessprofile validity.
Pre-Requisite: Credential Service is received from the DUT. Access Rules Service is receivedfrom the DUT. CredentialValiditySupported is supported by the DUT as indicated by theCapabilities.CredentialValiditySupported capability or CredentialAccessProfileValiditySupported issupported by the DUT as indicated by the Capabilities.CredentialAccessProfileValiditySupportedcapability. The DUT shall have enough free storage capacity for one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF Client retrieves a complete list of access profile (out accessProfileCompleteList) byfollowing the procedure mentioned in Annex A.5.
5. ONVIF Client retrieves supported Credential identifier type name (incap.SupportedIdentifierType) (out typeName) with corresponding Credential identifier
78 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Format Type (out formatType) and credential identifier value (out value) by following theprocedure mentioned in Annex A.15.
6. Set the following:
• credentialValidFrom1:= value of current time
• credentialValidTo1:= credentialValidFrom1 + one year
• accessProfileValidFrom1 := value of current time + 24 h
• accessProfileValidTo1 := accessProfileValidFrom1 + one year
7. ONVIF client invokes CreateCredential with parameters
• Credential.token := ""
• Credential.Description := "Test Description"
• Credential.CredentialHolderReference := "TestUser"
• Credential.ValidFrom := credentialValidFrom1 if cap.CredentialValiditySupported value isequal to true or skipped if cap.CredentialValiditySupported value is equal to false
• Credential.ValidTo := credentialValidTo1 if cap.CredentialValiditySupported value is equalto true or skipped if cap.CredentialValiditySupported value is equal to false
• Credential.CredentialIdentifier[0].Type.Name := typeName
• Credential.CredentialIdentifier[0].Type.FormatType := formatType
• Credential.CredentialIdentifier[0].ExemptedFromAuthentication := false
• Credential.CredentialIdentifier[0].Value := value
• Credential.CredentialAccessProfile[0] is skipped if accessProfileCompleteList is empty orif cap.CredentialAccessProfileValiditySupported is equal to false
• Credential.CredentialAccessProfile[0].AccessProfileToken :=accessProfileCompleteList[0].token
• Credential.CredentialAccessProfile[0].ValidFrom := accessProfileValidFrom1
• Credential.CredentialAccessProfile[0].ValidTo := accessProfileValidTo1
• State.Enabled := false
• State.Reason := "Test Reason"
www.onvif.org 79
ONVIF Credential Device Test Specification Version 18.12
• State.AntipassbackState.AntipassbackViolated := false ifcap.ResetAntipassbackSupported value is equal to true, otherwiseState.AntipassbackState is skipped
8. The DUT responds with CreateCredentialResponse message with parameters
• Token =: credentialToken
9. Set the following:
• credentialValidFrom2:= credentialValidFrom2 + one day + one hour
• credentialValidTo2:= credentialValidTo2 + one day + one hour
• accessProfileValidFrom2 := accessProfileValidFrom1 + one day + one hour
• accessProfileValidTo2 := accessProfileValidFrom1 + one day + one hour
10.ONVIF client invokes ModifyCredential with parameters
• Credential.Token := credentialToken
• Credential.Description := "Test Description"
• Credential.CredentialHolderReference := "TestUser"
• Credential.ValidFrom := credentialValidFrom2 if cap.CredentialValiditySupported value isequal to true or skipped if cap.CredentialValiditySupported value is equal to false
• Credential.ValidTo := credentialValidTo2 if cap.CredentialValiditySupported value is equalto true or skipped if cap.CredentialValiditySupported value is equal to false
• Credential.CredentialIdentifier[0].Type.Name := typeName
• Credential.CredentialIdentifier[0].Type.FormatType := formatType
• Credential.CredentialIdentifier[0].ExemptedFromAuthentication := false
• Credential.CredentialIdentifier[0].Value := value
• Credential.CredentialAccessProfile[0] is skipped if accessProfileCompleteList is empty orif cap.CredentialAccessProfileValiditySupported is equal to false
• Credential.CredentialAccessProfile[0].AccessProfileToken :=accessProfileCompleteList[0].token
• Credential.CredentialAccessProfile[0].ValidFrom := accessProfileValidFrom2
80 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• Credential.CredentialAccessProfile[0].ValidTo := accessProfileValidTo2
11. The DUT responds with empty ModifyCredentialResponse message.
12.ONVIF Client retrieves a credential (in credentialToken, out credentialList) by following theprocedure mentioned in Annex A.8.
13.ONVIF Client retrieves a credential info (in credentialToken, out credentialInfoList) byfollowing the procedure mentioned in Annex A.9.
14. If cap.ValiditySupportsTimeValue is equal to true, check the following:
14.1. If credentialList[0].Credential.ValidFrom value does not equal to credentialValidFrom2,FAIL the test and go step 16.
14.2. If credentialList[0].Credential.ValidTo value does not equal to credentialValidTo2, FAILthe test and go step 16.
14.3. If credentialList[0].CredentialAccessProfile[0].ValidFrom value does not equal toaccessProfileValidFrom2, FAIL the test and go step 16.
14.4. If credentialList[0].CredentialAccessProfile[0].ValidTo value does not equal toaccessProfileValidTo2, FAIL the test and go step 16.
14.5. If credentialInfoList[0].CredentialInfo.ValidFrom value does not equal tocredentialValidFrom2, FAIL the test and go step 16.
14.6. If credentiaIInfoList[0].CredentialInfo.ValidTo value does not equal tocredentialValidTo2, FAIL the test and go step 16.
15. If cap.ValiditySupportsTimeValue is equal to false, check the following:
15.1. If credentialList[0].Credential.ValidFrom value contains data component that does notequal to data component of credentialValidFrom2, FAIL the test and go step 16.
15.2. If credentialList[0].Credential.ValidTo value contains data component that does notequal to data component of credentialValidTo2, FAIL the test and go step 16.
15.3. If credentialList[0].CredentialAccessProfile[0].ValidFrom value contains datacomponent that does not equal to data component of accessProfileValidFrom2, FAILthe test and go step 16.
15.4. If credentialList[0].CredentialAccessProfile[0].ValidTo value contains data componentthat does not equal to data component of accessProfileValidTo2, FAIL the test and gostep 16.
www.onvif.org 81
ONVIF Credential Device Test Specification Version 18.12
15.5. If credentialInfoList[0].CredentialInfo.ValidFrom value contains data component thatdoes not equal to data component of credentialValidFrom2, FAIL the test and go step16.
15.6. If credentialInfoList[0].CredentialInfo.ValidTo value contains data component that doesnot equal to data component of credentialValidTo2, FAIL the test and go step 16.
16.ONVIF Client deletes the Credential (in credentialToken) by following the procedurementioned in Annex A.6 to restore DUT configuration.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send CreateCredentialResponse message.
• The DUT did not send ModifyCredentialResponse message.
Note: The ONVIF Client sets and compares values of Credential.ValidFrom, Credential.ValidTo,CredentialAccessProfile.ValidFrom, and CredentialAccessProfile.ValidTo accurate to a second.
4.3.16 SET NEW CREDENTIAL (ENABLED)
Test Case ID: CREDENTIAL-3-1-16
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification), Credential(ONVIF Credential Service Specification), SetCredential command (ONVIF Credential ServiceSpecification)
Feature Under Test: SetCredential
WSDL Reference: credential.wsdl, accessrules.wsdl, and event.wsdl
Test Purpose: To verify creation of enabled credential using SetCredential command andgenerating of appropriate notifications.
Pre-Requisite: Credential Service is received from the DUT. Event Service was received from theDUT. Access Rules Service is received from the DUT. Client Supplied Token is supported by theDUT. The DUT shall have enough free storage capacity for one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
82 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves Credential Service Capabilities by following the procedure mentionedin Annex A.2 with the following input and output parameters
• out cap - Credential Service capabilities
4. ONVIF Client retrieves complete list of credentials by following the procedure mentioned inAnnex A.3 with the following input and output parameters
• out initialCredentialCompleteList - credential complete list
5. ONVIF Client checks free storage for additional credential by following the procedurementioned in Annex A.7 with the following input and output parameters
• in initialCredentialCompleteList - credential complete list
• out credentialToRestore - removed credential
• out stateToRestore - state of removed credential
6. ONVIF Client retrieves complete list of access profiles by following the procedure mentionedin Annex A.5 with the following input and output parameters
• out accessProfileCompleteList - access profiles complete list
7. ONVIF Client retrieves supported credential identifier type name with correspondingcredential identifier format type and credential identifier value by following the procedurementioned in Annex A.15 with the following input and output parameters
• in cap.SupportedIdentifierType - list of supported identifier types
• out typeName - selected identifier type name
• out formatType - selected identifier format type
• out value - credential identifier value for selected identifier format type
8. Set credentialToken := token that differs from tokens listed in initialCredentialCompleteList.
9. ONVIF Client creates PullPoint subscription for the specified topic by following the procedurementioned in Annex A.21 with the following input and output parameters
• in tns1:Configuration/Credential/Changed - Notification Topic
• out s - Subscription reference
www.onvif.org 83
ONVIF Credential Device Test Specification Version 18.12
• out currentTime - current time for the DUT
• out terminationTime - Subscription termination time
10.Set credential :=
• Credential.token := credentialToken
• Credential.Description := "Test Description"
• Credential.CredentialHolderReference := "TestUser"
• Credential.ValidFrom skipped
• Credential.ValidTo skipped
• Credential.CredentialIdentifier[0].Type.Name := typeName
• Credential.CredentialIdentifier[0].Type.FormatType := formatType
• Credential.CredentialIdentifier[0].ExemptedFromAuthentication := true if cap.Extensioncontains SupportedExemptionType element with value = pt:ExemptFromAuthentication,otherwice false
• Credential.CredentialIdentifier[0].Value := value
• If accessProfileCompleteList contains at least one item:
• Credential.CredentialAccessProfile.AccessProfileToken :=accessProfileCompleteList[0].token
• Credential.CredentialAccessProfile.ValidFrom skipped
• Credential.CredentialAccessProfile.ValidTo skipped
otherwise:
• Credential.CredentialAccessProfile is skipped
• Credential.Extension skipped
11. ONVIF client invokes SetCredential request with parameters
• Credential := credential
• State.Enabled := true
• State.Reason := "Test Reason"
84 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• State.AntipassbackState.AntipassbackViolated := false ifcap.ResetAntipassbackSupported value is equal to true, otherwiseState.AntipassbackState is skipped
12.The DUT responds with SetCredentialResponse message.
13.ONVIF Client retrieves and checks tns1:Configuration/Credential/Changed event for thespecified Credential token by following the procedure mentioned in Annex A.23 with thefollowing input and output parameters
• in s - Subscription reference
• in currentTime - current time for the DUT
• in terminationTime - subscription termination time
• in credentialToken - Credential token
14.ONVIF Client deletes PullPoint subscription by following the procedure mentioned in AnnexA.22 with the following input and output parameters
• in s - Subscription reference
15.ONVIF Client retrieves a credential by following the procedure mentioned in Annex A.8 withthe following input and output parameters
• in credentialToken - credential token
• out credentialList - the list of credentials
16. If credentialList[0] item does not have equal to credential, FAIL the test, restore the DUTstate, and skip other steps.
17.ONVIF Client retrieves a credential info by following the procedure mentioned in Annex A.9with the following input and output parameters
• in credentialToken - credential token
• out credentialInfoList - the list of credentials info
18. If credentialInfoList[0] item does not have equal fields with credential, FAIL the test, restorethe DUT state, and skip other steps.
19.ONVIF Client retrieves complete list of credentials info by following the procedure mentionedin Annex A.1 with the following input and output parameters
• out credentialInfoCompleteList - credential info complete list
www.onvif.org 85
ONVIF Credential Device Test Specification Version 18.12
20. If credentialInfoCompleteList does not have CredentialInfo[token = credentialToken] itemwith equal fields with credential, FAIL the test, restore the DUT state, and skip other steps.
21.ONVIF Client retrieves complete list of credentials by following the procedure mentioned inAnnex A.3 with the following input and output parameters
• out credentialCompleteList - credential complete list
22. If credentialCompleteList does not have Credential[token = credentialToken] item with equalfields with credential, FAIL the test, restore the DUT state, and skip other steps.
23.ONVIF Client retrieves credential state by following the procedure mentioned in Annex A.13with the following input and output parameters
• in credentialToken - credential token
• out credentialState - credential state
24. If credentialState[0].Enabled equal to false, FAIL the test, restore the DUT state, and skipother steps.
25. If credentialState[0].Reason does not equal to "Test Reason" or missed, FAIL the test,restore the DUT state, and skip other steps.
26. If cap.ResetAntipassbackSupported value is equal to true check the following:
26.1. If credentialState[0] does not contain AntipassbackState element, FAIL the test,restore the DUT state, and skip other steps.
26.2. If credentialState[0].AntipassbackState.AntipassbackViolated equal to true, FAIL thetest, restore the DUT state, and skip other steps.
27.ONVIF Client deletes the Credential by following the procedure mentioned in Annex A.6 withthe following input and output parameters
• in credentialToken - credential token
28. If there was credential deleted at step 5:
28.1. ONVIF Client restores credential deletes special day group by following the procedurementioned in Annex A.10 with the following input and output parameters
• in credentialToRestore - removed credential
• in stateToRestore - state of removed credential
Test Result:
86 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send SetCredentialResponse message.
Note: The following fields are compared at steps 16 and 22:
• Credential:
• token
• Description
• CredentialHolderToken
• ValidFrom
• ValidTo
• CredentialIdentifier list (Type.Name is used as unique key for comparing)
• Type
• Name
• FormatType
• ExemptedFromAuthentication
• Value
• CredentialAccessProfile list (AccessProfileToken is used as unique key for comparing)
• AccessProfileToken
• ValidFrom
• ValidTo
• Attribute list
• Name
• Value
Note: The following fields are compared at steps 18 and 20:
www.onvif.org 87
ONVIF Credential Device Test Specification Version 18.12
• CredentialInfo:
• token
• Description
• CredentialHolderToken
• ValidFrom
• ValidTo
4.3.17 SET NEW CREDENTIAL (DISABLED)
Test Case ID: CREDENTIAL-3-1-17
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification), Credential(ONVIF Credential Service Specification), SetCredential command (ONVIF Credential ServiceSpecification)
Feature Under Test: SetCredential
WSDL Reference: credential.wsdl, accessrules.wsdl, and event.wsdl
Test Purpose: To verify creation of disabled credential using SetCredential command andgenerating of appropriate notifications.
Pre-Requisite: Credential Service is received from the DUT. Event Service was received from theDUT. Access Rules Service is received from the DUT. Client Supplied Token is supported by theDUT. The DUT shall have enough free storage capacity for one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves Credential Service Capabilities by following the procedure mentionedin Annex A.2 with the following input and output parameters
• out cap - Credential Service capabilities
4. ONVIF Client retrieves complete list of credentials by following the procedure mentioned inAnnex A.3 with the following input and output parameters
• out initialCredentialCompleteList - credential complete list
88 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
5. ONVIF Client checks free storage for additional credential by following the procedurementioned in Annex A.7 with the following input and output parameters
• in initialCredentialCompleteList - credential complete list
• out credentialToRestore - removed credential
• out stateToRestore - state of removed credential
6. ONVIF Client retrieves complete list of access profiles by following the procedure mentionedin Annex A.5 with the following input and output parameters
• out accessProfileCompleteList - access profiles complete list
7. ONVIF Client retrieves supported credential identifier type name with correspondingcredential identifier format type and credential identifier value by following the procedurementioned in Annex A.15 with the following input and output parameters
• in cap.SupportedIdentifierType - list of supported identifier types
• out typeName - selected identifier type name
• out formatType - selected identifier format type
• out value - credential identifier value for selected identifier format type
8. Set credentialToken := token that differs from tokens listed in initialCredentialCompleteList.
9. ONVIF Client creates PullPoint subscription for the specified topic by following the procedurementioned in Annex A.21 with the following input and output parameters
• in tns1:Configuration/Credential/Changed - Notification Topic
• out s - Subscription reference
• out currentTime - current time for the DUT
• out terminationTime - Subscription termination time
10.Set credential :=
• Credential.token := credentialToken
• Credential.Description := "Test Description"
• Credential.CredentialHolderReference := "TestUser"
• Credential.ValidFrom skipped
www.onvif.org 89
ONVIF Credential Device Test Specification Version 18.12
• Credential.ValidTo skipped
• Credential.CredentialIdentifier[0].Type.Name := typeName
• Credential.CredentialIdentifier[0].Type.FormatType := formatType
• Credential.CredentialIdentifier[0].ExemptedFromAuthentication := true if cap.Extensioncontains SupportedExemptionType element with value = pt:ExemptFromAuthentication,otherwice false
• Credential.CredentialIdentifier[0].Value := value
• If accessProfileCompleteList contains at least one item:
• Credential.CredentialAccessProfile.AccessProfileToken :=accessProfileCompleteList[0].token
• Credential.CredentialAccessProfile.ValidFrom skipped
• Credential.CredentialAccessProfile.ValidTo skipped
otherwise:
• Credential.CredentialAccessProfile is skipped
• Credential.Extension skipped
11. ONVIF client invokes SetCredential request with parameters
• Credential := credential
• State.Enabled := false
• State.Reason := "Test Reason"
• State.AntipassbackState.AntipassbackViolated := false ifcap.ResetAntipassbackSupported value is equal to true, otherwiseState.AntipassbackState is skipped
12.The DUT responds with SetCredentialResponse message.
13.ONVIF Client retrieves and checks tns1:Configuration/Credential/Changed event for thespecified Credential token by following the procedure mentioned in Annex A.23 with thefollowing input and output parameters
• in s - Subscription reference
90 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• in currentTime - current time for the DUT
• in terminationTime - subscription termination time
• in credentialToken - Credential token
14.ONVIF Client deletes PullPoint subscription by following the procedure mentioned in AnnexA.22 with the following input and output parameters
• in s - Subscription reference
15.ONVIF Client retrieves a credential by following the procedure mentioned in Annex A.8 withthe following input and output parameters
• in credentialToken - credential token
• out credentialList - the list of credentials
16. If credentialList[0] item does not have equal to credential, FAIL the test, restore the DUTstate, and skip other steps.
17.ONVIF Client retrieves a credential info by following the procedure mentioned in Annex A.9with the following input and output parameters
• in credentialToken - credential token
• out credentialInfoList - the list of credentials info
18. If credentialInfoList[0] item does not have equal fields with credential, FAIL the test, restorethe DUT state, and skip other steps.
19.ONVIF Client retrieves complete list of credentials info by following the procedure mentionedin Annex A.1 with the following input and output parameters
• out credentialInfoCompleteList - credential info complete list
20. If credentialInfoCompleteList does not have CredentialInfo[token = credentialToken] itemwith equal fields with credential, FAIL the test, restore the DUT state, and skip other steps.
21.ONVIF Client retrieves complete list of credentials by following the procedure mentioned inAnnex A.3 with the following input and output parameters
• out credentialCompleteList - credential complete list
22. If credentialCompleteList does not have Credential[token = credentialToken] item with equalfields with credential, FAIL the test, restore the DUT state, and skip other steps.
www.onvif.org 91
ONVIF Credential Device Test Specification Version 18.12
23.ONVIF Client retrieves credential state by following the procedure mentioned in Annex A.13with the following input and output parameters
• in credentialToken - credential token
• out credentialState - credential state
24. If credentialState[0].Enabled equal to true, FAIL the test, restore the DUT state, and skipother steps.
25. If credentialState[0].Reason does not equal to "Test Reason" or missed, FAIL the test,restore the DUT state, and skip other steps.
26. If cap.ResetAntipassbackSupported value is equal to true check the following:
26.1. If credentialState[0] does not contain AntipassbackState element, FAIL the test,restore the DUT state, and skip other steps.
26.2. If credentialState[0].AntipassbackState.AntipassbackViolated equal to true, FAIL thetest, restore the DUT state, and skip other steps.
27.ONVIF Client deletes the Credential by following the procedure mentioned in Annex A.6 withthe following input and output parameters
• in credentialToken - credential token
28. If there was credential deleted at step 5:
28.1. ONVIF Client restores credential deletes special day group by following the procedurementioned in Annex A.10 with the following input and output parameters
• in credentialToRestore - removed credential
• in stateToRestore - state of removed credential
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send SetCredentialResponse message.
Note: The following fields are compared at steps 16 and 22:
• Credential:
92 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• token
• Description
• CredentialHolderToken
• ValidFrom
• ValidTo
• CredentialIdentifier list (Type.Name is used as unique key for comparing)
• Type
• Name
• FormatType
• ExemptedFromAuthentication
• Value
• CredentialAccessProfile list (AccessProfileToken is used as unique key for comparing)
• AccessProfileToken
• ValidFrom
• ValidTo
• Attribute list
• Name
• Value
Note: The following fields are compared at steps 18 and 20:
• CredentialInfo:
• token
• Description
• CredentialHolderToken
• ValidFrom
www.onvif.org 93
ONVIF Credential Device Test Specification Version 18.12
• ValidTo
4.3.18 SET CREDENTIAL
Test Case ID: CREDENTIAL-3-1-18
Specification Coverage: CredentialInfo (ONVIF Credential Service Specification), Credential(ONVIF Credential Service Specification), SetCredential command (ONVIF Credential ServiceSpecification)
Feature Under Test: ModifyCredential
WSDL Reference: credential.wsdl, accessrules.wsdl, and event.wsdl
Test Purpose: To verify modifying of credential with different states using SetCredential commandand generating of appropriate notifications.
Pre-Requisite: Credential Service is received from the DUT. Event Service was received from theDUT. Access Rules Service is received from the DUT. Client Supplied Token is supported by theDUT. The DUT shall have enough free storage capacity for one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves Credential Service Capabilities by following the procedure mentionedin Annex A.2 with the following input and output parameters
• out cap - Credential Service capabilities
4. ONVIF Client retrieves complete list of credentials by following the procedure mentioned inAnnex A.3 with the following input and output parameters
• out initialCredentialCompleteList - credential complete list
5. ONVIF Client checks free storage for additional credential by following the procedurementioned in Annex A.7 with the following input and output parameters
• in initialCredentialCompleteList - credential complete list
• out credentialToRestore - removed credential
• out stateToRestore - state of removed credential
94 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
6. ONVIF Client retrieves complete list of access profiles by following the procedure mentionedin Annex A.5 with the following input and output parameters
• out accessProfileCompleteList - access profiles complete list
7. ONVIF Client creates credential by following the procedure mentioned in Annex A.11 withthe following input and output parameters
• in false - ExemptedFromAuthentication value
• out typeName - selected identifier type name
• out formatType - selected identifier format type
• out value - credential identifier value for selected identifier format type
• out credentialToken - Credential token
8. ONVIF Client creates PullPoint subscription for the specified topic by following the procedurementioned in Annex A.21 with the following input and output parameters
• in tns1:Configuration/Credential/Changed - Notification Topic
• out s - Subscription reference
• out currentTime - current time for the DUT
• out terminationTime - Subscription termination time
9. Set credential :=
• Credential.token := credentialToken
• Credential.Description := "Test Description2"
• Credential.CredentialHolderReference := "TestUser2"
• Credential.ValidFrom skipped
• Credential.ValidTo skipped
• Credential.CredentialIdentifier[0].Type.Name := typeName
• Credential.CredentialIdentifier[0].Type.FormatType := formatType
• Credential.CredentialIdentifier[0].ExemptedFromAuthentication := true if cap.Extensioncontains SupportedExemptionType element with value = pt:ExemptFromAuthentication,otherwice false
www.onvif.org 95
ONVIF Credential Device Test Specification Version 18.12
• Credential.CredentialIdentifier[0].Value := value
• If accessProfileCompleteList contains at least one item:
• Credential.CredentialAccessProfile.AccessProfileToken :=accessProfileCompleteList[0].token
• Credential.CredentialAccessProfile.ValidFrom skipped
• Credential.CredentialAccessProfile.ValidTo skipped
otherwise:
• Credential.CredentialAccessProfile is skipped
• Credential.Extension skipped
10.ONVIF client invokes SetCredential request with parameters
• Credential := credential
• State.Enabled := false
• State.Reason := "Test Reason2"
• State.AntipassbackState.AntipassbackViolated := false ifcap.ResetAntipassbackSupported value is equal to true, otherwiseState.AntipassbackState is skipped
11. The DUT responds with SetCredentialResponse message.
12.ONVIF Client retrieves and checks tns1:Configuration/Credential/Changed event for thespecified Credential token by following the procedure mentioned in Annex A.23 with thefollowing input and output parameters
• in s - Subscription reference
• in currentTime - current time for the DUT
• in terminationTime - subscription termination time
• in credentialToken - Credential token
13.ONVIF Client deletes PullPoint subscription by following the procedure mentioned in AnnexA.22 with the following input and output parameters
• in s - Subscription reference
96 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
14.ONVIF Client retrieves a credential by following the procedure mentioned in Annex A.8 withthe following input and output parameters
• in credentialToken - credential token
• out credentialList - the list of credentials
15. If credentialList[0] item does not have equal to credential, FAIL the test, restore the DUTstate, and skip other steps.
16.ONVIF Client retrieves a credential info by following the procedure mentioned in Annex A.9with the following input and output parameters
• in credentialToken - credential token
• out credentialInfoList - the list of credentials info
17. If credentialInfoList[0] item does not have equal fields with credential, FAIL the test, restorethe DUT state, and skip other steps.
18.ONVIF Client retrieves complete list of credentials info by following the procedure mentionedin Annex A.1 with the following input and output parameters
• out credentialInfoCompleteList - credential info complete list
19. If credentialInfoCompleteList does not have CredentialInfo[token = credentialToken] itemwith equal fields with credential, FAIL the test, restore the DUT state, and skip other steps.
20.ONVIF Client retrieves complete list of credentials by following the procedure mentioned inAnnex A.3 with the following input and output parameters
• out credentialCompleteList - credential complete list
21. If credentialCompleteList does not have Credential[token = credentialToken] item with equalfields with credential, FAIL the test, restore the DUT state, and skip other steps.
22.ONVIF Client retrieves credential state by following the procedure mentioned in Annex A.13with the following input and output parameters
• in credentialToken - credential token
• out credentialState - credential state
23. If credentialState[0].Enabled equal to true, FAIL the test, restore the DUT state, and skipother steps.
24. If credentialState[0].Reason does not equal to "Test Reason2" or missed, FAIL the test,restore the DUT state, and skip other steps.
www.onvif.org 97
ONVIF Credential Device Test Specification Version 18.12
25. If cap.ResetAntipassbackSupported value is equal to true check the following:
25.1. If credentialState[0] does not contain AntipassbackState element, FAIL the test,restore the DUT state, and skip other steps.
25.2. If credentialState[0].AntipassbackState.AntipassbackViolated equal to true, FAIL thetest, restore the DUT state, and skip other steps.
26.ONVIF Client deletes the Credential by following the procedure mentioned in Annex A.6 withthe following input and output parameters
• in credentialToken - credential token
27. If there was credential deleted at step 5:
27.1. ONVIF Client restores credential deletes special day group by following the procedurementioned in Annex A.10 with the following input and output parameters
• in credentialToRestore - removed credential
• in stateToRestore - state of removed credential
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send SetCredentialResponse message.
Note: The following fields are compared at steps 15 and 21:
• Credential:
• token
• Description
• CredentialHolderToken
• ValidFrom
• ValidTo
• CredentialIdentifier list (Type.Name is used as unique key for comparing)
• Type
98 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• Name
• FormatType
• ExemptedFromAuthentication
• Value
• CredentialAccessProfile list (AccessProfileToken is used as unique key for comparing)
• AccessProfileToken
• ValidFrom
• ValidTo
• Attribute list
• Name
• Value
Note: The following fields are compared at steps 17 and 19:
• CredentialInfo:
• token
• Description
• CredentialHolderToken
• ValidFrom
• ValidTo
4.4 Credential State
4.4.1 GET CREDENTIAL STATE
Test Case ID: CREDENTIAL-4-1-1
Specification Coverage: CredentialState (ONVIF Credential Service Specification),GetCredentialState command (ONVIF Credential Service Specification)
Feature Under Test: GetCredentialState
www.onvif.org 99
ONVIF Credential Device Test Specification Version 18.12
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Credential State.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF Client retrieves a complete credential information list (outcredentialInfoCompleteList) by following the procedure mentioned in Annex A.1.
5. If credentialInfoCompleteList is empty, skip other steps.
6. For each CredentialInfo.token token from credentialInfoCompleteList repeat the followingsteps:
6.1. ONVIF client invokes GetCredentialState with parameters
• Token := token
6.2. The DUT responds with GetCredentialStateResponse message with parameters
• State =: credentialState
6.3. If cap.ResetAntipassbackSupported is equal to true and credentialState does notcontain AntipassbackState element, FAIL the test.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send GetCredentialStateResponse message.
4.4.2 CHANGE CREDENTIAL STATE
Test Case ID: CREDENTIAL-4-1-2
100 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Specification Coverage: CredentialState (ONVIF Credential Service Specification),GetCredentialState command (ONVIF Credential Service Specification), EnableCredentialcommand (ONVIF Credential Service Specification), DisableCredential command (ONVIFCredential Service Specification).
Feature Under Test: GetCredentialState, EnableCredential, DisableCredential.
WSDL Reference: credential.wsdl and event.wsdl
Test Purpose: To verify enabling and disabling of Credential and generating of appropriatenotifications.
Pre-Requisite: Credential Service is received from the DUT. Event Service was received from theDUT. The DUT shall have enough free storage capacity for one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList1) byfollowing the procedure mentioned in Annex A.3.
4. ONVIF Client checks free storage (in credentialCompleteList1) for additional Credentialand removes one if needed (out credentialToRestore, out stateToRestore) by following theprocedure mentioned in Annex A.7.
5. ONVIF Client creates credential (out credentialToken) with antipass back state equal to false(in false) by following the procedure mentioned in Annex A.11.
6. ONVIF client invokes GetCredentialState with parameters
• Token := credentialToken
7. The DUT responds with GetCredentialStateResponse message with parameters
• State =: credentialState1
8. If credentialState1.Enabled is not equal to true, FAIL the test and go to step 23.
9. ONVIF Client invokes CreatePullPointSubscription with parameters
• Filter.TopicExpression := "tns1:Credential/State/Enabled"
10.The DUT responds with a CreatePullPointSubscriptionResponse message withparameters
www.onvif.org 101
ONVIF Credential Device Test Specification Version 18.12
• SubscriptionReference =: s
• CurrentTime =: ct
• TerminationTime =: tt
11. ONVIF Client changes credential state (in credentialState1) for created credential (incredentialToken) by following the procedure mentioned in Annex A.4.
12.Until oprationDelay timeout expires, repeat the following steps:
12.1. ONVIF Client waits for time t := min{(tt-ct)/2, 1 second}.
12.2. ONVIF Client invokes PullMessages to the subscription endpoint s with parameters
• Timeout := PT60S
• MessageLimit := 1
12.3. The DUT responds with PullMessagesResponse message with parameters
• CurrentTime =: ct
• TerminationTime =: tt
• NotificationMessage =: m
12.4. If m is not null:
12.4.1. If TopicExpression item in m is not equal to "tns1:Credential/State/Enabled",FAIL the test and go to the step 23.
12.4.2. If m does not contain Source.SimpleItem item with Name = "CredentialToken"and with Value = credentialToken, FAIL the test and go to the step 23.
12.4.3. If m does not contain Data.SimpleItem item with Name = "State" and with Value= false, FAIL the test and go to the step 23.
12.4.4. If m does not contain Data.SimpleItem item with Name = "Reason" and withValue = "Test Reason", FAIL the test and go to the step 23.
12.4.5. If m does not contain Data.SimpleItem item with Name = "ClientUpdated", FAILthe test and go to the step 23.
12.4.6. If m.Message.Message.Data.SimpleItem.ClientUpdated has value typedifferent from xs:boolean type, FAIL the test and go to the step 23.
102 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
12.4.7. Goto step 14.
13. If oprationDelay timeout expires for step 12 without any Notification, FAIL the test and goto the step 23.
14.ONVIF client invokes GetCredentialState with parameters
• Token := credentialToken
15.The DUT responds with GetCredentialStateResponse message with parameters
• State =: credentialState2
16. If credentialState1.Enabled equal to credentialState2.Enabled, FAIL the test and go to step23.
17.ONVIF Client changes credential state (in credentialState2) for created credential (incredentialToken) by following the procedure mentioned in Annex A.4.
18.Until oprationDelay timeout expires, repeat the following steps:
18.1. ONVIF Client waits for time t := min{(tt-ct)/2, 1 second}.
18.2. ONVIF Client invokes PullMessages to the subscription endpoint s with parameters
• Timeout := PT60S
• MessageLimit := 1
18.3. The DUT responds with PullMessagesResponse message with parameters
• CurrentTime =: ct
• TerminationTime =: tt
• NotificationMessage =: m
18.4. If m is not null:
18.4.1. If TopicExpression item in m is not equal to "tns1:Credential/State/Enabled",FAIL the test and go to the step 23.
18.4.2. If m does not contain Source.SimpleItem item with Name = "CredentialToken"and with Value = credentialToken, FAIL the test and go to the step 23.
18.4.3. If m does not contain Data.SimpleItem item with Name = "State" and with Value= true, FAIL the test and go to the step 23.
www.onvif.org 103
ONVIF Credential Device Test Specification Version 18.12
18.4.4. If m does not contain Data.SimpleItem item with Name = "Reason" and withValue = "Test Reason", FAIL the test and go to the step 23.
18.4.5. If m does not contain Data.SimpleItem item with Name = "ClientUpdated", FAILthe test and go to the step 23.
18.4.6. If m.Message.Message.Data.SimpleItem.ClientUpdated has value typedifferent from xs:boolean type, FAIL the test and go to the step 23.Goto step20.
19. If oprationDelay timeout expires for step 11 without any Notification, FAIL the test and goto the step 22.
20.ONVIF client invokes GetCredentialState with parameters
• Token := credentialToken
21.The DUT responds with GetCredentialStateResponse message with parameters
• State =: credentialState3
22. If credentialState3.Enabled equal to credentialState2.Enabled, FAIL the test and go to step23.
23.ONVIF Client deletes the Credential (in credentialToken) by following the procedurementioned in Annex A.6 to restore DUT configuration.
24. If there was credential deleted at step 4, restore it (in credentialToRestore) with initial state(in stateToRestore) by following the procedure mentioned in Annex A.10 to restore DUTconfiguration.
25.ONVIF Client sends an Unsubscribe to the subscription endpoint s.
26.The DUT responds with UnsubscribeResponse message.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetCredentialStateResponse message.
• The DUT did not send CreatePullPointSubscriptionResponse message.
104 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• The DUT did not send PullMessagesResponse message.
• The DUT did not send UnsubscribeResponse message.
Note: oprationDelay will be taken from Operation Delay field of ONVIF Device Test Tool.
4.4.3 GET CREDENTIAL STATE WITH INVALID TOKEN
Test Case ID: CREDENTIAL-4-1-3
Specification Coverage: GetCredentialState command (ONVIF Credential Service Specification)
Feature Under Test: GetCredentialState
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Credential State with invalid token.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete credential information list (outcredentialInfoCompleteList) by following the procedure mentioned in Annex A.1.
4. Set the following:
• invalidToken := value not equal to any credentialInfoCompleteList.token
5. ONVIF client invokes GetCredentialState with parameters
• Token := invalidToken
6. The DUT returns env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
www.onvif.org 105
ONVIF Credential Device Test Specification Version 18.12
• The DUT did not send env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault
Note: If the DUT sends other SOAP 1.2 fault message than specified, log WARNING message,and PASS the test.
4.4.4 ENABLE CREDENTIAL WITH INVALID TOKEN
Test Case ID: CREDENTIAL-4-1-4
Specification Coverage: EnableCredential command (ONVIF Credential Service Specification)
Feature Under Test: EnableCredential
WSDL Reference: credential.wsdl
Test Purpose: To verify Enable Credential with invalid token.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete credential information list (outcredentialInfoCompleteList) by following the procedure mentioned in Annex A.1.
4. Set the following:
• invalidToken := value not equal to any credentialInfoCompleteList.token
5. ONVIF client invokes EnableCredential with parameters
• Token := invalidToken
6. The DUT returns env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault
106 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Note: If the DUT sends other SOAP 1.2 fault message than specified, log WARNING message,and PASS the test.
4.4.5 DISABLE CREDENTIAL WITH INVALID TOKEN
Test Case ID: CREDENTIAL-4-1-5
Specification Coverage: DisableCredential command (ONVIF Credential Service Specification)
Feature Under Test: DisableCredential
WSDL Reference: credential.wsdl
Test Purpose: To verify Disable Credential with invalid token.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete credential information list (outcredentialInfoCompleteList) by following the procedure mentioned in Annex A.1.
4. Set the following:
• invalidToken := value not equal to any credentialInfoCompleteList.token
5. ONVIF client invokes DisableCredential with parameters
• Token := invalidToken
6. The DUT returns env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault
Note: If the DUT sends other SOAP 1.2 fault message than specified, log WARNING message,and PASS the test.
www.onvif.org 107
ONVIF Credential Device Test Specification Version 18.12
4.5 Credential Identifiers
4.5.1 GET CREDENTIAL IDENTIFIERS
Test Case ID: CREDENTIAL-5-1-1
Specification Coverage: CredentialIdentifier (ONVIF Credential Service Specification),CredentialIdentiferValue (ONVIF Credential Service Specification), GetCredentialIdentifierscommand (ONVIF Credential Service Specification)
Feature Under Test: GetCredentialIdentifiers
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Credential Identifiers.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList) byfollowing the procedure mentioned in Annex A.3.
5. If credentialCompleteList is empty, skip other steps.
6. For each Credential.token token from credentialCompleteList repeat the following steps:
6.1. ONVIF client invokes GetCredentialIdentifiers with parameters
• CredentialToken := token
6.2. The DUT responds with GetCredentialIdentifiersResponse message withparameters
• CredentialIdentifier list =: credentialIdentifierList
6.3. If credentialIdentifierList contains at least two credential identifier items with equalType.Name, FAIL the test and skip other steps.
108 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
6.4. If credentialIdentifierList contains at least one credential identifier item with Type.Nameother than listed in cap.SupportedIdentifierTypes, FAIL the test and skip other steps.
6.5. If credentialIdentifierList does not contain all credential identifiers fromcredentialCompleteList[token = token].CredentialIdentifierList, FAIL the test and skipother steps.
6.6. If credentialIdentifierList contains credential identifiers other than credential identifiersfrom credentialCompleteList[token = token].CredentialIdentifierList, FAIL the test andskip other steps.
6.7. For each credential identifier credentialIdentifier from credentialIdentifierList repeat thefollowing steps:
6.7.1. If credentialIdentifier item does not have equal field values tocredentialCompleteList[token = token].CredentialIdentifierList [Type.Name =credentialIdentifier.Type.Name] item, FAIL the test and skip other steps.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send GetCredentialIdentifiersResponse message.
Note: To compare identifiers list as steps 6.5 and 6.6 Type.Name is used as unique value foridentifier.
Note: The following fields are compared at step 6.7.1:
• Type
• Name
• FormatType
• ExemptedFromAuthentication
• Value
4.5.2 SET CREDENTIAL IDENTIFIER – ADDING NEW TYPE
Test Case ID: CREDENTIAL-5-1-2
www.onvif.org 109
ONVIF Credential Device Test Specification Version 18.12
Specification Coverage: CredentialIdentifier (ONVIF Credential Service Specification),CredentialIdentiferValue (ONVIF Credential Service Specification), GetCredentialIdentifierscommand (ONVIF Credential Service Specification), SetCredentialIdentifier command (ONVIFCredential Service Specification)
Feature Under Test: SetCredentialIdentifier
WSDL Reference: credential.wsdl and event.wsdl
Test Purpose: To verify creation of credential identifier and generating of appropriate notifications.
Pre-Requisite: Credential Service is received from the DUT. Event Service is received from theDUT. The DUT shall have enough free storage capacity for one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. If cap.SupportedIdentifierType does not contain more than one IdentifierType item, skip othersteps.
5. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList) byfollowing the procedure mentioned in Annex A.3.
6. ONVIF Client checks free storage for additional Credential (in credentialCompleteList, outcredentialToRestore, stateToReastore) by following the procedure mentioned in Annex A.7.
7. ONVIF Client creates credential (in cap) with ExemptedFromAuthentication equal to false(in false), with Credential identifier item (out typeName1) with corresponding Credentialidentifier Format Type (out formatType1) and corresponding credential identifier value(out value1) and with credential token (out credentialToken) by following the procedurementioned in Annex A.11.
8. Set the following:
• identifierTypeNameList := cap.SupportedIdentifierType - typeName1
9. ONVIF Client retrieves a Credential identifier type name (out typeName2) different fromtypeName1 (in identifierTypeNameList) with corresponding Credential identifier Format Type(out formatType2) and corresponding credential identifier value (out value2) by following theprocedure mentioned in Annex A.15.
110 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
10.ONVIF Client invokes CreatePullPointSubscription with parameters
• Filter.TopicExpression := "tns1:Configuration/Credential/Changed"
11. The DUT responds with a CreatePullPointSubscriptionResponse message withparameters
• SubscriptionReference =: s
• CurrentTime =: ct
• TerminationTime =: tt
12.ONVIF client invokes SetCredentialIdentifier with parameters
• CredentialToken := credentialToken
• CredentialIdentifier.Type.Name := typeName2
• CredentialIdentifier.Type.FormatType := formatType2
• CredentialIdentifier.ExemptedFromAuthentication := true if cap.Extension containsSupportedExemptionType element with value = pt:ExemptFromAuthentication, otherwicefalse
• CredentialIdentifier.Value := value2
13.The DUT responds with empty SetCredentialIdentifierResponse message.
14.Until oprationDelay timeout expires, repeat the following steps:
14.1. ONVIF Client waits for time t := min{(tt-ct)/2, 1 second}.
14.2. ONVIF Client invokes PullMessages to the subscription endpoint s with parameters
• Timeout := PT60S
• MessageLimit := 1
14.3. The DUT responds with PullMessagesResponse message with parameters
• CurrentTime =: ct
• TerminationTime =: tt
• NotificationMessage =: m
14.4. If m is not null and the TopicExpression item in m is not equal to "tns1:Configuration/Credential/Changed", FAIL the test and go to the step 28.
www.onvif.org 111
ONVIF Credential Device Test Specification Version 18.12
14.5. If m is not null and does not contain Source.SimpleItem item with Name ="CredentialToken" and Value = credentialToken, FAIL the test and go to the step 28.
14.6. If m is not null and contains Source.SimpleItem item with Name = "CredentialToken"and Value = credentialToken, go to the step 14.
15. If oprationDelay timeout expires for step 14 without Notification with CredentialToken sourcesimple item equal to credentialToken, FAIL the test and go to the step 28.
16.ONVIF client invokes GetCredentialIdentifiers with parameters
• CredentialToken := credentialToken
17.The DUT responds with GetCredentialIdentifiersResponse message with parameters
• CredentialIdentifier list =: credentialIdentifierList
18. If credentialIdentifierList contains more or less than two items, FAIL the test and go to step28.
19. If credentialIdentifierList does not have item with CredentialIdentifier.Type.Name value equalto typeName1, FAIL the test and go to step 28.
20. If credentialIdentifierList does not have item with CredentialIdentifier.Type.Name value equalto typeName2, FAIL the test and go to step 28.
21. If credentialIdentifierList item with CredentialIdentifier.Type.Name value equal to typeName1has FormatType value different from formatType1, FAIL the test and go to step 28.
22. If credentialIdentifierList item with CredentialIdentifier.Type.Name value equal to typeName1has Value value different from value1, FAIL the test and go to step 28.
23. If credentialIdentifierList item with CredentialIdentifier.Type.Name value equal to typeName1has ExemptedFromAuthentication value different from false, FAIL the test and go to step 28.
24. If credentialIdentifierList item with CredentialIdentifier.Type.Name value equal to typeName2has FormatType value different from formatType2, FAIL the test and go to step 28.
25. If credentialIdentifierList item with CredentialIdentifier.Type.Name value equal to typeName2has Value value different from value2, FAIL the test and go to step 28.
26. If cap.Extension contains SupportedExemptionType element with value =pt:ExemptFromAuthentication:
26.1. If credentialIdentifierList item with CredentialIdentifier.Type.Name value equal totypeName2 has ExemptedFromAuthentication value different from true, FAIL the testand go to step 28.
112 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
27. If cap.Extension does not contain SupportedExemptionType element with value =pt:ExemptFromAuthentication:
27.1. If credentialIdentifierList item with CredentialIdentifier.Type.Name value equal totypeName2 has ExemptedFromAuthentication value different from false, FAIL the testand go to step 28.
28.ONVIF Client deletes the Credential (in credentialToken) by following the procedurementioned in Annex A.6 to restore DUT configuration.
29. If there was credential deleted at step 6, restore it (in credentialToRestore, instateToReastore) by following the procedure mentioned in Annex A.10 to restore DUTconfiguration.
30.ONVIF Client sends an Unsubscribe to the subscription endpoint s.
31.The DUT responds with UnsubscribeResponse message.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetCredentialIdentifiersResponse message.
• The DUT did not send SetCredentialIdentifierResponse message.
• The DUT did not send CreatePullpointSubscriptionResponse message.
• The DUT did not send PullMessagesResponse message.
• The DUT did not send UnsubscribeResponse message.
Note: oprationDelay will be taken from Operation Delay field of ONVIF Device Test Tool.
Note: If the DUT supports only one credential identifier type, type warning message at step 4.
4.5.3 SET CREDENTIAL IDENTIFIER – REPLACE OF THESAME TYPE
Test Case ID: CREDENTIAL-5-1-3
Specification Coverage: CredentialIdentifier (ONVIF Credential Service Specification),CredentialIdentiferValue (ONVIF Credential Service Specification), GetCredentialIdentifiers
www.onvif.org 113
ONVIF Credential Device Test Specification Version 18.12
command (ONVIF Credential Service Specification), SetCredentialIdentifier command (ONVIFCredential Service Specification)
Feature Under Test: SetCredentialIdentifier
WSDL Reference: credential.wsdl and event.wsdl
Test Purpose: To verify replacing of credential identifier and generating of appropriate notifications.
Pre-Requisite: Credential Service is received from the DUT. Event Service is received from theDUT. The DUT shall have enough free storage capacity for one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList) byfollowing the procedure mentioned in Annex A.3.
5. ONVIF Client checks free storage for additional Credential (in credentialCompleteList, outcredentialToRestore, out stateToReastore) by following the procedure mentioned in AnnexA.7.
6. ONVIF Client retrieves a list of Credential identifier Type Name items, which support atleast two Format Types (out CredentialIdentifierTypeNameList) by following the procedurementioned in Annex A.16.
7. If CredentialIdentifierTypeNameList is empty, skip other steps.
8. ONVIF Client retrieves Credential identifier Type Name (out typeName) with correspondingCredential identifier Format Type (out formatType1) and Credential identifier value (outvalue1), and with corresponding Credential identifier Format Type (out formatType2) andCredential identifier value (out value2) based on Credential identifier Type Name items (inCredentialIdentifierTypeNameList) by following the procedure mentioned inAnnex A.17.
9. ONVIF client invokes CreateCredential with parameters
• Credential.token := ""
• Credential.Description := "Test Description"
• Credential.CredentialHolderReference := "TestUser"
114 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• Credential.ValidFrom skipped
• Credential.ValidTo skipped
• Credential.CredentialIdentifier[0].Type.Name := typeName
• Credential.CredentialIdentifier[0].Type.FormatType := formatType1
• Credential.CredentialIdentifier[0].ExemptedFromAuthentication := false
• Credential.CredentialIdentifier[0].Value := value1
• Credential.CredentialAccessProfile skipped
• Credential.Extension skipped
• State.Enabled := true
• State.Reason := "Test Reason"
• State.AntipassbackState.AntipassbackViolated := false ifcap.ResetAntipassbackSupported value is equal to true, otherwise otherwiseState.AntipassbackState is skipped
10.The DUT responds with CreateCredentialResponse message with parameters
• Token =: credentialToken
11. ONVIF Client invokes CreatePullPointSubscription with parameters
• Filter.TopicExpression := "tns1:Configuration/Credential/Changed"
12.The DUT responds with a CreatePullPointSubscriptionResponse message withparameters
• SubscriptionReference =: s
• CurrentTime =: ct
• TerminationTime =: tt
13.ONVIF client invokes SetCredentialIdentifier with parameters
• CredentialToken := credentialToken
• CredentialIdentifier.Type.Name := typeName
• CredentialIdentifier.Type.FormatType := formatType2
www.onvif.org 115
ONVIF Credential Device Test Specification Version 18.12
• CredentialIdentifier.ExemptedFromAuthentication := true if cap.Extension containsSupportedExemptionType element with value = pt:ExemptFromAuthentication, otherwicefalse
• CredentialIdentifier.Value := value2
• CredentialIdentifier.Extension skipped
14.The DUT responds with empty SetCredentialIdentifierResponse message.
15.Until oprationDelay timeout expires, repeat the following steps:
15.1. ONVIF Client waits for time t := min{(tt-ct)/2, 1 second}.
15.2. ONVIF Client invokes PullMessages to the subscription endpoint s with parameters
• Timeout := PT60S
• MessageLimit := 1
15.3. The DUT responds with PullMessagesResponse message with parameters
• CurrentTime =: ct
• TerminationTime =: tt
• NotificationMessage =: m
15.4. If m is not null and the TopicExpression item in m is not equal to "tns1:Configuration/Credential/Changed", FAIL the test and go to the step 21.
15.5. If m is not null and does not contain Source.SimpleItem item with Name ="CredentialToken" and Value = credentialToken, FAIL the test and go to the step 21.
15.6. If m is not null and contains Source.SimpleItem item with Name = "CredentialToken"and Value = credentialToken, go to the step 16.
16. If oprationDelay timeout expires for step 14 without Notification with CredentialToken sourcesimple item equal to credentialToken, FAIL the test and go to the step 21.
17.ONVIF client invokes GetCredentialIdentifiers with parameters
• CredentialToken := credentialToken
18.The DUT responds with GetCredentialIdentifiersResponse message with parameters
• CredentialIdentifier list =: credentialIdentifierList
116 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
19. If credentialIdentifierList contains more or less than one item, FAIL the test and go to step 21.
20. If credentialIdentifierList[0].CredentialIdentifier.Type.Name item is not equal to typeName,FAIL the test and go to step 21.
21. If credentialIdentifierList item with CredentialIdentifier.Type.Name value equal to typeNamehas different field values to values from step 13, FAIL the test and go to step 21.
22.ONVIF Client deletes the Credential (in credentialToken) by following the procedurementioned in Annex A.6 to restore DUT configuration.
23. If there was credential deleted at step 5, restore it (in credentialToRestore, instateToReastore) by following the procedure mentioned in Annex A.10 to restore DUTconfiguration.
24.ONVIF Client sends an Unsubscribe to the subscription endpoint s.
25.The DUT responds with UnsubscribeResponse message.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetCredentialIdentifiersResponse message.
• The DUT did not send SetCredentialIdentifierResponse message.
• The DUT did not send CreatePullpointSubscriptionResponse message.
• The DUT did not send PullMessagesResponse message.
• The DUT did not send UnsubscribeResponse message.
Note: oprationDelay will be taken from Operation Delay field of ONVIF Device Test Tool.
• CredentialIdentifier list (Type.Name is used as unique key for comparing)
• Type
• Name
• FormatType
• ExemptedFromAuthentication
• Value
www.onvif.org 117
ONVIF Credential Device Test Specification Version 18.12
4.5.4 DELETE CREDENTIAL IDENTIFIER
Test Case ID: CREDENTIAL-5-1-4
Specification Coverage: CredentialIdentifier (ONVIF Credential Service Specification),CredentialIdentiferValue (ONVIF Credential Service Specification), GetCredentialIdentifierscommand (ONVIF Credential Service Specification), SetCredentialIdentifiers command (ONVIFCredential Service Specification)
Feature Under Test: DeleteCredentialIdentifier
WSDL Reference: credential.wsdl and event.wsdl
Test Purpose: To verify replacing of credential identifier and generating of appropriate notifications.
Pre-Requisite: Credential Service is received from the DUT. Event Service is received from theDUT. The DUT shall have enough free storage capacity for one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. If cap.SupportedIdentifierType contains less than two SupportedIdentifierType items, skipother steps.
5. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList) byfollowing the procedure mentioned in Annex A.3.
6. ONVIF Client checks free storage for additional Credential (in credentialCompleteList, outcredentialToRestore, stateToReastore) by following the procedure mentioned in Annex A.7.
7. ONVIF Client creates credential with two Credential identifier items (out typeName1), (outtypeName2), with corresponding Format Types (out formatType1), (out formatType2) andwith corresponding values (out value1), (out value2), with antipass back state equal tofalse (in false), and with credential token (out credentialToken) by following the procedurementioned in Annex A.18.
8. ONVIF Client invokes CreatePullPointSubscription with parameters
• Filter.TopicExpression := "tns1:Configuration/Credential/Changed"
118 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
9. The DUT responds with a CreatePullPointSubscriptionResponse message withparameters
• SubscriptionReference =: s
• CurrentTime =: ct
• TerminationTime =: tt
10.ONVIF client invokes DeleteCredentialIdentifier with parameters
• CredentialToken := credentialToken
• CredentialIdentifierTypeName := typeName1
11. The DUT responds with empty DeleteCredentialIdentifierResponse message.
12.Until oprationDelay timeout expires, repeat the following steps:
12.1. ONVIF Client waits for time t := min{(tt-ct)/2, 1 second}.
12.2. ONVIF Client invokes PullMessages to the subscription endpoint s with parameters
• Timeout := PT60S
• MessageLimit := 1
12.3. The DUT responds with PullMessagesResponse message with parameters
• CurrentTime =: ct
• TerminationTime =: tt
• NotificationMessage =: m
12.4. If m is not null and the TopicExpression item in m is not equal to "tns1:Configuration/Credential/Changed", FAIL the test and go to the step 22.
12.5. If m is not null and does not contain Source.SimpleItem item with Name ="CredentialToken" and Value = credentialToken, FAIL the test and go to the step 22.
12.6. If m is not null and contains Source.SimpleItem item with Name = "CredentialToken"and Value = credentialToken, go to the step 14.
13. If oprationDelay timeout expires for step 12 without Notification with CredentialToken sourcesimple item equal to credentialToken, FAIL the test and go to the step 22.
14.ONVIF client invokes GetCredentialIdentifiers with parameters
www.onvif.org 119
ONVIF Credential Device Test Specification Version 18.12
• CredentialToken := credentialToken
15.The DUT responds with GetCredentialIdentifiersResponse message with parameters
• CredentialIdentifier list =: credentialIdentifierList
16. If credentialIdentifierList contains less than one item, FAIL the test and go to step 22.
17. If credentialIdentifierList contains more than one item, FAIL the test and go to step 22.
18. If credentialIdentifierList[0].CredentialIdentifier.Type.Name value does not equal totypeName2, FAIL the test and go to step 22.
19. If credentialIdentifierList[0].CredentialIdentifier.Type.FormatType value does not equal toformatType2, FAIL the test and go to step 22.
20. If credentialIdentifierList[0].CredentialIdentifier.ExemptedFromAuthentication value doesnot equal to false, FAIL the test and go to step 22.
21. If credentialIdentifierList[0].CredentialIdentifier.Value value does not equal to value2, FAILthe test and go to step 22.
22.ONVIF Client deletes the Credential (in credentialToken) by following the procedurementioned in Annex A.6 to restore DUT configuration.
23. If there was credential deleted at step 4, restore it (in credentialToRestore, stateToReastore)by following the procedure mentioned in Annex A.10 to restore DUT configuration.
24.ONVIF Client sends an Unsubscribe to the subscription endpoint s.
25.The DUT responds with UnsubscribeResponse message.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetCredentialIdentifiersResponse message.
• The DUT did not send DeleteCredentialIdentifierResponse message.
• The DUT did not send CreatePullpointSubscriptionResponse message.
• The DUT did not send PullMessagesResponse message.
120 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• The DUT did not send UnsubscribeResponse message.
Note: oprationDelay will be taken from Operation Delay field of ONVIF Device Test Tool.
4.5.5 GET SUPPORTED FORMAT TYPES
Test Case ID: CREDENTIAL-5-1-5
Specification Coverage: CredentialIdentifier (ONVIF Credential Service Specification),GetSupportedFormatTypes command (ONVIF Credential Service Specification)
Feature Under Test: GetSupportedFormatTypes
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Supported Format Types.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. For each cap.SupportedIdentifierType identifierType repeat the following steps:
4.1. ONVIF client invokes GetSupportedFormatTypes with parameters
• CredentialIdentifierTypeName := identifierType
4.2. The DUT responds with GetSupportedFormatTypesResponse message withparameters
• FormatTypeInfo list =: receivedformatTypeInfoList
4.3. Set formatTypeInfoList[identifierType] := receivedFormatTypeInfoList.
4.4. If formatTypeInfoList[identifierType] is empty, FAIL the test and skip other steps.
4.5. If formatTypeInfoList[identifierType] contains at least two format type info items withequal FormatType, FAIL the test and skip other steps.
www.onvif.org 121
ONVIF Credential Device Test Specification Version 18.12
5. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList) byfollowing the procedure mentioned in Annex A.3.
6. If credentialCompleteList is empty, skip other steps.
7. For each Credential.token token from credentialCompleteList repeat the following steps:
7.1. ONVIF client invokes GetCredentialIdentifiers with parameters
• CredentialToken := token
7.2. The DUT responds with GetCredentialIdentifiersResponse message withparameters
• CredentialIdentifier list =: credentialIdentifierList
7.3. For each CredentialIdentifier.Type.Name typeName from credentialIdentifierListrepeat the following steps:
7.3.1. If credential identifier type with typeName contains otherformat type (CredentialIdentifier.Type.FormatType) than listed informatTypeInfoList[typeName], FAIL the test and skip other steps.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetCredentialIdentifiersResponse message.
• The DUT did not send GetSupportedFormatTypesResponse message.
4.5.6 GET CREDENTIAL IDENTIFIERS WITH INVALIDTOKEN
Test Case ID: CREDENTIAL-5-1-6
Specification Coverage: GetCredentialIdentifiers command (ONVIF Credential ServiceSpecification)
Feature Under Test: GetCredentialIdentifiers
WSDL Reference: credential.wsdl
122 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Test Purpose: To verify Get Credential Identifiers with Invalid Token.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete credential information list (outcredentialInfoCompleteList) by following the procedure mentioned in Annex A.1.
4. Set the following:
• invalidToken := value not equal to any credentialInfoCompleteList.token
5. ONVIF client invokes GetCredentialIdentifiers with parameters
• CredentialToken := invalidToken
6. The DUT returns env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault
Note: If the DUT sends other SOAP 1.2 fault message than specified, log WARNING message,and PASS the test.
4.5.7 SET CREDENTIAL IDENTIFIER WITH INVALID TOKEN
Test Case ID: CREDENTIAL-5-1-7
Specification Coverage: SetCredentialIdentifier command (ONVIF Credential ServiceSpecification)
Feature Under Test: SetCredentialIdentifier with invalid token
WSDL Reference: credential.wsdl
www.onvif.org 123
ONVIF Credential Device Test Specification Version 18.12
Test Purpose: To verify Set Credential Identifier with Invalid Token.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete credential information list (outcredentialInfoCompleteList) by following the procedure mentioned in Annex A.1.
4. Set the following:
• invalidToken := value not equal to any credentialInfoCompleteList.token
5. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
6. ONVIF Client retrieves (in cap.SupportedIdentifierType) a supported Credential identifiertype name (out typeName) with Credential identifier Format Type (out formatType) and withcredential identifier value (out value) by the following procedure mentioned in Annex A.15.
7. ONVIF client invokes SetCredentialIdentifier with parameters
• CredentialToken := invalidToken
• CredentialIdentifier.Type.Name := typeName
• CredentialIdentifier.Type.FormatType := formatType
• CredentialIdentifier.ExemptedFromAuthentication := false
• CredentialIdentifier.Value := value
• CredentialIdentifier.Extension skipped
8. The DUT returns env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
124 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• The DUT did not send env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault
Note: If the DUT sends other SOAP 1.2 fault message than specified, log WARNING message,and PASS the test.
4.5.8 DELETE CREDENTIAL IDENTIFIER WITH INVALIDCREDENTIAL TOKEN
Test Case ID: CREDENTIAL-5-1-8
Specification Coverage: DeleteCredentialIdentifier command (ONVIF Credential ServiceSpecification)
Feature Under Test: DeleteCredentialIdentifier
WSDL Reference: credential.wsdl
Test Purpose: To verify Delete Credential Identifier with invalid credential token.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF Client retrieves a complete credential information list (outcredentialInfoCompleteList) by following the procedure mentioned in Annex A.1.
5. Set the following:
• invalidToken := value not equal to any credentialInfoCompleteList.token
6. ONVIF client invokes DeleteCredentialIdentifier with parameters
• CredentialToken := invalidToken
• CredentialIdentifierTypeName := cap.SupportedIdentifierType[0]
7. The DUT returns env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault.
Test Result:
www.onvif.org 125
ONVIF Credential Device Test Specification Version 18.12
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault
Note: If the DUT sends other SOAP 1.2 fault message than specified, log WARNING message,and PASS the test.
4.5.9 DELETE CREDENTIAL IDENTIFIER WITH INVALIDIDENTIFIER TYPE
Test Case ID: CREDENTIAL-5-1-9
Specification Coverage: DeleteCredentialIdentifier command (ONVIF Credential ServiceSpecification)
Feature Under Test: DeleteCredentialIdentifier
WSDL Reference: credential.wsdl
Test Purpose: To verify Delete Credential Identifier with invalid identifier type.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. If cap.SupportedIdentifierType contains less than two SupportedIdentifierType items, skipother steps.
5. ONVIF Client creates credential with two Credential identifier items (out typeName1), (outtypeName2), with corresponding Format Types (out formatType1), (out formatType2) andwith corresponding values (out value1), (out value2), with antipass back state equal tofalse (in false), and with credential token (out credentialToken) by following the procedurementioned in Annex A.18.
126 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
6. Set the following:
• invalidIdentifierType := value not equal to any cap.SupportedIdentifierType.
7. ONVIF client invokes DeleteCredentialIdentifier with parameters
• CredentialToken := credentialToken
• CredentialIdentifierTypeName := invalidIdentifierType
8. The DUT returns DeleteCredentialIdentifierResponse.
9. ONVIF client invokes GetCredentialIdentifiers with parameters
• CredentialToken := credentialToken
10.The DUT responds with GetCredentialIdentifiersResponse message with parameters
• CredentialIdentifier list =: credentialIdentifierList
11. If credentialIdentifierList contains less than two items, FAIL the test and go to step 15.
12. If credentialIdentifierList contains more than two items, FAIL the test and go to step 15.
13. If credentialIdentifierList does not contain typeName1, FAIL the test and go to step 15.
14. If credentialIdentifierList does not contain typeName2, FAIL the test and go to step 15.
15.ONVIF Client deletes the Credential (in credentialToken) by following the procedurementioned in Annex A.6 to restore DUT configuration.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send DeleteCredentialIdentifierResponse message.
4.5.10 DELETE CREDENTIAL IDENTIFIER - MINIDENTIFIERS PER CREDENTIAL
Test Case ID: CREDENTIAL-5-1-10
Specification Coverage: DeleteCredentialIdentifier command (ONVIF Credential ServiceSpecification)
www.onvif.org 127
ONVIF Credential Device Test Specification Version 18.12
Feature Under Test: DeleteCredentialIdentifier
WSDL Reference: credential.wsdl
Test Purpose: To verify Delete Credential Identifier from a credential when credential contains onlyone Credential Identifier.
Pre-Requisite: Credential Service is received from the DUT. The DUT shall have enough freestorage capacity for one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client creates credential with ExemptedFromAuthentication equal to false (in false),with Credential identifier item (out typeName) and with credential token (out credentialToken)by following the procedure mentioned in Annex A.11.
4. ONVIF client invokes DeleteCredentialIdentifier with parameters
• CredentialToken := credentialToken
• CredentialIdentifierTypeName := typeName
5. The DUT returns env:Receiver\ter:ConstraintViolated\ter:MinIdentifiersPerCredentialSOAP 1.2 fault.
6. ONVIF Client deletes the Credential (in credentialToken) by following the procedurementioned in Annex A.6 to restore DUT configuration.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send env:Receiver\ter:ConstraintViolated\ter:MinIdentifiersPerCredential SOAP 1.2 fault
Note: If the DUT sends other SOAP 1.2 fault message than specified, log WARNING message,and PASS the test.
128 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
4.6 Credential Access Profiles
4.6.1 GET CREDENTIAL ACCESS PROFILES
Test Case ID: CREDENTIAL-6-1-1
Specification Coverage: CredentialAccessProfile (ONVIF Credential Service Specification),GetCredentialAccessProfiles command (ONVIF Credential Service Specification)
Feature Under Test: GetCredentialAccessProfiles
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Credential Access Profiles.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList) byfollowing the procedure mentioned in Annex A.3.
5. If credentialCompleteList is empty, skip other steps.
6. For each Credential.token token from credentialCompleteList repeat the following steps:
6.1. ONVIF client invokes GetCredentialAccessProfiles with parameters
• CredentialToken := token
6.2. The DUT responds with GetCredentialAccessProfilesResponse message withparameters
• CredentialAccessProfile list =: credentialAccessProfileList
6.3. If credentialAccessProfileList contains at least two credential access profile items withequal AccessProfileToken, FAIL the test and skip other steps.
www.onvif.org 129
ONVIF Credential Device Test Specification Version 18.12
6.4. If credentialAccessProfileList contains more AccessProfileInfo items thancap.MaxAccessProfilesPerCredential, FAIL the test and skip other steps.
6.5. If credentialAccessProfileList does not contain all credential access profiles fromcredentialCompleteList[token = token].CredentialAccessProfileList, FAIL the test andskip other steps.
6.6. If credentialAccessProfileList contains credential access profiles otherthan credential access profiles from credentialCompleteList[token =token].CredentialAccessProfileList, FAIL the test and skip other steps.
6.7. For each credential access profile accessProfile from credentialAccessProfileListrepeat the following steps:
6.7.1. If accessProfile item does not have equal field values tocredentialCompleteList[token =token].CredentialAccessProfileList[AccessProfileToken =accessProfile.AccessProfileToken] item, FAIL the test and skip other steps.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send GetCredentialAccessProfilesResponse message.
Note: To compare credential access profile list at steps 6.5 and 6.6, AccessProfileToken is usedas unique value for credential access profile.
Note: The following fields are compared at step 6.7.1:
• AccessProfileToken
• ValidFrom
• ValidTo
4.6.2 SET CREDENTIAL ACCESS PROFILES - ADDING NEWACCESS PROFILE
Test Case ID: CREDENTIAL-6-1-2
130 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Specification Coverage: CredentialAccessProfile (ONVIF Credential Service Specification),SetCredentialAccessProfiles command (ONVIF Credential Service Specification)
Feature Under Test: SetCredentialAccessProfiles
WSDL Reference: credential.wsdl, accessrules.wsdl, and event.wsdl
Test Purpose: To verify Set Credential Access Profiles (adding new Access Profile).
Pre-Requisite: Credential Service is received from the DUT. Access Rules Service is received fromthe DUT. Event Service is received from the DUT. The DUT shall have enough free storage capacityfor one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF Client retrieves a complete list of access profile (out accessProfileCompleteList) byfollowing the procedure mentioned in Annex A.5.
5. Set the following:
• accessProfileToken := accessProfileCompleteList[0].token
6. If accessProfileCompleteList is empty, ONVIF Client creates access profile (outaccessProfileToken) by following the procedure mentioned in Annex A.19.
7. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList) byfollowing the procedure mentioned in Annex A.3.
8. ONVIF Client checks free storage for additional Credential (in credentialCompleteList, outcredentialToRestore, stateToReastore) by following the procedure mentioned in Annex A.7.
9. ONVIF Client creates credential (in cap, out credentialToken) with Antipassback ViolationState value equal to false (in false) by following the procedure mentioned in Annex A.11.
10.ONVIF Client invokes CreatePullPointSubscription with parameters
• Filter.TopicExpression := "tns1:Configuration/Credential/Changed"
www.onvif.org 131
ONVIF Credential Device Test Specification Version 18.12
11. The DUT responds with a CreatePullPointSubscriptionResponse message withparameters
• SubscriptionReference =: s
• CurrentTime =: ct
• TerminationTime =: tt
12.ONVIF client invokes SetCredentialAccessProfiles with parameters
• CredentialToken := credentialToken
• Credential.CredentialAccessProfile.AccessProfileToken := accessProfileToken
• Credential.CredentialAccessProfile.ValidFrom := validFromDateTime ifcap.CredentialAccessProfileValiditySupported is equal to true. OtherwiseCredential.CredentialAccessProfile.ValidFrom skipped
• Credential.CredentialAccessProfile.ValidTo := validToDateTime ifcap.CredentialAccessProfileValiditySupported is equal to true. OtherwiseCredential.CredentialAccessProfile.ValidTo skipped
13.The DUT responds with empty SetCredentialAccessProfilesResponse message.
14.Until oprationDelay timeout expires, repeat the following steps:
14.1. ONVIF Client waits for time t := min{(tt-ct)/2, 1 second}.
14.2. ONVIF Client invokes PullMessages to the subscription endpoint s with parameters
• Timeout := PT60S
• MessageLimit := 1
14.3. The DUT responds with PullMessagesResponse message with parameters
• CurrentTime =: ct
• TerminationTime =: tt
• NotificationMessage =: m
14.4. If m is not null and the TopicExpression item in m is not equal to "tns1:Configuration/Credential/Changed", FAIL the test and go to the step 21.
14.5. If m is not null and does not contain Source.SimpleItem item with Name ="CredentialToken" and Value = credentialToken, FAIL the test and go to the step 21.
132 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
14.6. If m is not null and contains Source.SimpleItem item with Name = "CredentialToken"and Value = credentialToken, go to the step 16.
15. If oprationDelay timeout expires for step 14 without Notification with CredentialToken sourcesimple item equal to credentialToken, FAIL the test and go to the step 21.
16.ONVIF client invokes GetCredentialAccessProfiles with parameters
• CredentialToken := credentialToken
17.The DUT responds with GetCredentialAccessProfilesResponse message withparameters
• CredentialAccessProfile list =: credentialAccessProfileList
18. If credentialAccessProfileList contains more or less than one CredentialAccessProfile item,FAIL the test and go to step 21.
19. If cap.CredentialAccessProfileValiditySupported is equal to true andcap.ValiditySupportsTimeValue is equal to false:
19.1. If credentialAccessProfileList[0].AccessProfileToken value is not equal toaccessProfileToken, FAIL the test and go to step 21.
19.2. If credentialAccessProfileList[0].ValidFrom value contains data component is not equalto data component of validFromDateTime, FAIL the test and go to step 21.
19.3. If credentialAccessProfileList[0].ValidTo value contains data component that is notequal to data component of validToDateTime, FAIL the test and go to step 21.
19.4. Go to the step 21.
20. If credentialAccessProfileList[0] item does not have equal field values to values from step12, FAIL the test and go to step 21.
21.ONVIF Client deletes the Credential (in credentialToken) by following the procedurementioned in Annex A.6 to restore DUT configuration.
22. If there was credential deleted at step 8, restore it (in credentialToRestore, stateToReastore)by following the procedure mentioned in Annex A.10 to restore DUT configuration.
23. If there was access profile created at step 6, ONVIF Client deletes it (in accessProfileToken)by following the procedure mentioned in Annex A.20 to restore DUT configuration.
24.ONVIF Client sends an Unsubscribe to the subscription endpoint s.
www.onvif.org 133
ONVIF Credential Device Test Specification Version 18.12
25.The DUT responds with UnsubscribeResponse message.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetCredentialAccessProfilesResponse message.
• The DUT did not send SetCredentialAccessProfilesResponse message.
• The DUT did not send CreatePullPointSubscriptionResponse message.
• The DUT did not send PullMessagesResponse message.
• The DUT did not send UnsubscribeResponse message.
Note: oprationDelay will be taken from Operation Delay field of ONVIF Device Test Tool.
Note: validFromDateTime is set as current time, validToDateTime is set as current time + 1 year.
4.6.3 SET CREDENTIAL ACCESS PROFILES - UPDATINGACCESS PROFILE
Test Case ID: CREDENTIAL-6-1-3
Specification Coverage: CredentialAccessProfile (ONVIF Credential Service Specification),SetCredentialAccessProfiles command (ONVIF Credential Service Specification)
Feature Under Test: SetCredentialAccessProfiles
WSDL Reference: credential.wsdl, accessrules.wsdl, and event.wsdl
Test Purpose: To verify Set Credential Access Profiles (updating Access Profile).
Pre-Requisite: Credential Service is received from the DUT. Access Rules Service is received fromthe DUT. Event Service is received from the DUT. The DUT shall have enough free storage capacityfor one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
134 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. ONVIF Client retrieves a complete list of access profile (out accessProfileCompleteList) byfollowing the procedure mentioned in Annex A.5.
5. Set the following:
• accessProfileToken := accessProfileCompleteList[0].token
6. If accessProfileCompleteList is empty, ONVIF Client creates access profile (outaccessProfileToken) by following the procedure mentioned in Annex A.19.
7. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList) byfollowing the procedure mentioned in Annex A.3.
8. ONVIF Client checks free storage for additional Credential (in credentialCompleteList1, outcredentialToRestore, stateToReastore) by following the procedure mentioned in Annex A.7.
9. ONVIF Client creates credential (in cap, out credentialToken) with Antipassback ViolationState equal to false (in false) by following the procedure mentioned in Annex A.11.
10.Set the following:
• validFromDateTime1 := value of current time
• validToDateTime1 := validToDateTime1 + one year
11. ONVIF client invokes SetCredentialAccessProfiles with parameters
• CredentialToken := credentialToken
• Credential.CredentialAccessProfile.AccessProfileToken := accessProfileToken
• Credential.CredentialAccessProfile.ValidFrom := validFromDateTime1 ifcap.CredentialAccessProfileValiditySupported is equal to true. OtherwiseCredential.CredentialAccessProfile.ValidFrom skipped.
• Credential.CredentialAccessProfile.ValidTo := validToDateTime1 ifcap.CredentialAccessProfileValiditySupported is equal to true. OtherwiseCredential.CredentialAccessProfile.ValidTo skipped.
12.The DUT responds with empty SetCredentialAccessProfilesResponse message.
13.Set the following:
www.onvif.org 135
ONVIF Credential Device Test Specification Version 18.12
• validFromDateTime2 := validFromDateTime1 + one day + one hour
• validToDateTime2 := validToDateTime1 + one day + one hour
14.ONVIF Client invokes CreatePullPointSubscription with parameters
• Filter.TopicExpression := "tns1:Configuration/Credential/Changed"
15.The DUT responds with a CreatePullPointSubscriptionResponse message withparameters
• SubscriptionReference =: s
• CurrentTime =: ct
• TerminationTime =: tt
16.ONVIF Client waits for time t := min{(tt-ct)/2, 1 second}.
17.ONVIF client invokes SetCredentialAccessProfiles with parameters
• CredentialToken := credentialToken
• Credential.CredentialAccessProfile.AccessProfileToken :=accessProfileCompleteList[0].token
• Credential.CredentialAccessProfile.ValidFrom := validFromDateTime2 ifcap.CredentialAccessProfileValiditySupported is equal to true. OtherwiseCredential.CredentialAccessProfile.ValidFrom skipped.
• Credential.CredentialAccessProfile.ValidTo := ValidToDateTime2 ifcap.CredentialAccessProfileValiditySupported is equal to true. OtherwiseCredential.CredentialAccessProfile.ValidTo skipped.
18.The DUT responds with empty SetCredentialAccessProfilesResponse message.
19.Until oprationDelay timeout expires, repeat the following steps:
19.1. ONVIF Client waits for time t := min{(tt-ct)/2, 1 second}.
19.2. ONVIF Client invokes PullMessages to the subscription endpoint s with parameters
• Timeout := PT60S
• MessageLimit := 1
19.3. The DUT responds with PullMessagesResponse message with parameters
136 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• CurrentTime =: ct
• TerminationTime =: tt
• NotificationMessage =: m
19.4. If m is not null and the TopicExpression item in m is not equal to "tns1:Configuration/Credential/Changed", FAIL the test and go to the step 26.
19.5. If m is not null and does not contain Source.SimpleItem item with Name ="CredentialToken" and Value = credentialToken, FAIL the test and go to the step 26.
19.6. If m is not null and contains Source.SimpleItem item with Name = "CredentialToken"and Value = credentialToken, go to the step 21.
20. If oprationDelay timeout expires for step 19 without Notification with CredentialToken sourcesimple item equal to credentialToken, FAIL the test and go to the step 26.
21.ONVIF client invokes GetCredentialAccessProfiles with parameters
• CredentialToken := credentialToken
22.The DUT responds with GetCredentialAccessProfilesResponse message withparameters
• CredentialAccessProfile list =: credentialAccessProfileList
23. If credentialAccessProfileList contains more or less than one CredentialAccessProfile item,FAIL the test and go to step 26.
24. If cap. CredentialAccessProfileValiditySupported is equal to true andcap.ValiditySupportsTimeValue is equal to false:
24.1. If credentialAccessProfileList[0].AccessProfileToken value is not equal toaccessProfileToken, FAIL the test and go to step 26.
24.2. If credentialAccessProfileList[0].ValidFrom value contains data component that doesnot equal to data component of validFromDateTime2, FAIL the test and go to step 26.
24.3. If credentialAccessProfileList[0].ValidTo value contains data component that does notequal to data component of validToDateTime2, FAIL the test and go to step 26.
24.4. Go to the step 26.
25. If credentialAccessProfileList[0] item does not have equal field values to values from step15, FAIL the test and go step 26.
www.onvif.org 137
ONVIF Credential Device Test Specification Version 18.12
26.ONVIF Client deletes the Credential (in credentialToken) by following the procedurementioned in Annex A.6 to restore DUT configuration.
27. If there was credential deleted at step 8, restore it (in credentialToRestore, stateToReastore)by following the procedure mentioned in Annex A.10 to restore DUT configuration.
28. If there was access profile created at step 6, ONVIF Client deletes it (in accessProfileToken)by following the procedure mentioned in Annex A.20 to restore DUT configuration.
29.ONVIF Client sends an Unsubscribe to the subscription endpoint s.
30.The DUT responds with UnsubscribeResponse message.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetCredentialAccessProfilesResponse message.
• The DUT did not send SetCredentialAccessProfilesResponse message.
• The DUT did not send CreatePullPointSubscriptionResponse message.
• The DUT did not send PullMessagesResponse message.
• The DUT did not send UnsubscribeResponse message.
Note: oprationDelay will be taken from Operation Delay field of ONVIF Device Test Tool.
4.6.4 DELETE CREDENTIAL ACCESS PROFILES
Test Case ID: CREDENTIAL-6-1-4
Specification Coverage: CredentialAccessProfile (ONVIF Credential Service Specification),DeleteCredentialAccessProfiles command (ONVIF Credential Service Specification)
Feature Under Test: DeleteCredentialAccessProfiles
WSDL Reference: credential.wsdl, accessrules.wsdl, and event.wsdl
Test Purpose: To verify Delete Credential Access Profiles.
Pre-Requisite: Credential Service is received from the DUT. Access Rules Service is received fromthe DUT. Event Service is received from the DUT. The DUT shall have enough free storage capacityfor one additional Credential.
138 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete list of access profile (out accessProfileCompleteList) byfollowing the procedure mentioned in Annex A.5.
4. Set the following:
• accessProfileToken := accessProfileCompleteList[0].token
5. If accessProfileCompleteList is empty, ONVIF Client creates access profile (outaccessProfileToken) by following the procedure mentioned in Annex A.19.
6. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList) byfollowing the procedure mentioned in Annex A.3.
7. ONVIF Client checks free storage for additional Credential (in credentialCompleteList1, outcredentialToRestore, stateToReastore) by following the procedure mentioned in Annex A.7.
8. ONVIF Client creates credential (out credentialToken) with Antipassback Violation Stateequal to false (in false) by following the procedure mentioned in Annex A.11.
9. ONVIF client invokes SetCredentialAccessProfiles with parameters
• CredentialToken := credentialToken
• Credential.CredentialAccessProfile.AccessProfileToken := accessProfileToken
• Credential.CredentialAccessProfile.ValidFrom skipped
• Credential.CredentialAccessProfile.ValidTo skipped
10.The DUT responds with empty SetCredentialAccessProfilesResponse message.
11. ONVIF Client invokes CreatePullPointSubscription with parameters
• Filter.TopicExpression := "tns1:Configuration/Credential/Changed"
12.The DUT responds with a CreatePullPointSubscriptionResponse message withparameters
• SubscriptionReference =: s
• CurrentTime =: ct
www.onvif.org 139
ONVIF Credential Device Test Specification Version 18.12
• TerminationTime =: tt
13.ONVIF client invokes DeleteCredentialAccessProfiles with parameters
• CredentialToken := credentialToken
• AccessProfileToken := accessProfileToken
14.The DUT responds with empty DeleteCredentialAccessProfilesResponse message.
15.Until oprationDelay timeout expires, repeat the following steps:
15.1. ONVIF Client waits for time t := min{(tt-ct)/2, 1 second}.
15.2. ONVIF Client invokes PullMessages to the subscription endpoint s with parameters
• Timeout := PT60S
• MessageLimit := 1
15.3. The DUT responds with PullMessagesResponse message with parameters
• CurrentTime =: ct
• TerminationTime =: tt
• NotificationMessage =: m
15.4. If m is not null and the TopicExpression item in m is not equal to "tns1:Configuration/Credential/Changed", FAIL the test and go to the step 20.
15.5. If m is not null and does not contain Source.SimpleItem item with Name ="CredentialToken" and Value = credentialToken, FAIL the test and go to the step 20.
15.6. If m is not null and contains Source.SimpleItem item with Name = "CredentialToken"and Value = credentialToken, go to the step 17.
16. If oprationDelay timeout expires for step 15 without Notification with CredentialToken sourcesimple item equal to credentialToken, FAIL the test and go to the step 20.
17.ONVIF client invokes GetCredentialAccessProfiles with parameters
• CredentialToken := credentialToken
18.The DUT responds with GetCredentialAccessProfilesResponse message withparameters
• CredentialAccessProfile list =: credentialAccessProfileList
140 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
19. If credentialAccessProfileList contains at least one credential access profile item, FAIL thetest and go to step 20.
20.ONVIF Client deletes the Credential (in credentialToken) by following the procedurementioned in Annex A.6 to restore DUT configuration.
21. If there was credential deleted at step 7, restore it (in credentialToRestore, stateToReastore)by following the procedure mentioned in Annex A.10 to restore DUT configuration.
22. If there was access profile created at step 5, ONVIF Client deletes it (in accessProfileToken)by following the procedure mentioned in Annex A.20 to restore DUT configuration.
23.ONVIF Client sends an Unsubscribe to the subscription endpoint s.
24.The DUT responds with UnsubscribeResponse message.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetCredentialAccessProfilesResponse message.
• The DUT did not send SetCredentialAccessProfilesResponse message.
• The DUT did not send GetCredentialAccessProfilesResponse message.
• The DUT did not send CreatePullPointSubscriptionResponse message.
• The DUT did not send PullMessagesResponse message.
• The DUT did not send UnsubscribeResponse message.
4.6.5 GET CREDENTIAL ACCESS PROFILES WITH INVALIDTOKEN
Test Case ID: CREDENTIAL-6-1-5
Specification Coverage: GetCredentialAccessProfiles command (ONVIF Credential ServiceSpecification)
Feature Under Test: GetCredentialAccessProfiles
www.onvif.org 141
ONVIF Credential Device Test Specification Version 18.12
WSDL Reference: credential.wsdl
Test Purpose: To verify Get Credential Access Profiles with invalid token.
Pre-Requisite: Credential Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete list of credential info (out credentialInfoCompleteList) byfollowing the procedure mentioned in Annex A.1.
4. Set the following:
• invalidToken := value not equal to any credentialInfoCompleteList.token
5. ONVIF Client invokes GetCredentialAccessProfiles with parameters
• Token := invalidToken
6. The DUT returns env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault
Note: If the DUT sends other SOAP 1.2 fault message than specified, log WARNING message,and PASS the test.
4.6.6 SET CREDENTIAL ACCESS PROFILES WITH INVALIDCREDENTIAL TOKEN
Test Case ID: CREDENTIAL-6-1-6
Specification Coverage: SetCredentialAccessProfiles command (ONVIF Credential ServiceSpecification)
142 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Feature Under Test: SetCredentialAccessProfiles
WSDL Reference: credential.wsdl
Test Purpose: To verify Set Credential Access Profiles with invalid credential token.
Pre-Requisite: Credential Service is received from the DUT. Access Rules Service is received fromthe DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete list of access profiles (out accessProfileCompleteList) byfollowing the procedure mentioned in Annex A.5.
4. If accessProfileCompleteList is not empty:
4.1. Set the following:
• accessProfileToken := accessProfileCompleteList[0].token
4.2. Go to the step 6.
5. ONVIF Client creates access profile (out accessProfileToken) by following the procedurementioned in Annex A.19.
6. ONVIF Client retrieves a complete list of credential info (out credentialInfoCompleteList) byfollowing the procedure mentioned in Annex A.1.
7. Set the following:
• invalidToken := value not equal to any credentialInfoCompleteList.token
8. ONVIF client invokes SetCredentialAccessProfiles with parameters
• CredentialToken := invalidToken
• Credential.CredentialAccessProfile.AccessProfileToken := accessProfileToken
• Credential.CredentialAccessProfile.ValidFrom skipped.
• Credential.CredentialAccessProfile.ValidTo skipped.
9. The DUT returns env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault.
www.onvif.org 143
ONVIF Credential Device Test Specification Version 18.12
10. If there was access profile created at step 5, ONVIF Client deletes it (in accessProfileToken)by following the procedure mentioned in Annex A.20 to restore DUT configuration.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault
Note: If the DUT sends other SOAP 1.2 fault message than specified, log WARNING message,and PASS the test.
4.6.7 DELETE CREDENTIAL ACCESS PROFILES WITHINVALID CREDENTIAL TOKEN
Test Case ID: CREDENTIAL-6-1-7
Specification Coverage: DeleteCredentialAccessProfiles command (ONVIF Credential ServiceSpecification)
Feature Under Test: DeleteCredentialAccessProfiles
WSDL Reference: credential.wsdl
Test Purpose: To verify Delete Credential Access Profiles with invalid credential token.
Pre-Requisite: Credential Service is received from the DUT. Access Rules Service is received fromthe DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete list of access profiles (out accessProfileCompleteList) byfollowing the procedure mentioned in Annex A.5.
4. If accessProfileCompleteList is not empty:
144 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
4.1. Set the following:
• accessProfileToken := accessProfileCompleteList[0].token
4.2. Go to the step 6.
5. ONVIF Client creates access profile (out accessProfileToken) by following the procedurementioned in Annex A.19.
6. ONVIF Client retrieves a complete list of credential info (out credentialInfoCompleteList) byfollowing the procedure mentioned in Annex A.1.
7. Set the following:
• invalidToken := value not equal to any credentialInfoCompleteList.token
8. ONVIF client invokes DeleteCredentialAccessProfiles with parameters
• CredentialToken := invalidToken
• AccessProfileToken[0] := accessProfileToken
9. The DUT returns env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault.
10. If there was access profile created at step 5, ONVIF Client deletes it (in accessProfileToken)by following the procedure mentioned in Annex A.20 to restore DUT configuration.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault
Note: If the DUT sends other SOAP 1.2 fault message than specified, log WARNING message,and PASS the test.
4.7 Reset Antipassback Violations
4.7.1 RESET ANTIPASSBACK VIOLATIONS
Test Case ID: CREDENTIAL-7-1-1
www.onvif.org 145
ONVIF Credential Device Test Specification Version 18.12
Specification Coverage: CredentialAccessProfile (ONVIF Credential Service Specification),ResetAntipassbackViolation command (ONVIF Credential Service Specification).
Feature Under Test: ResetAntipassbackViolation command (ONVIF Credential ServiceSpecification)
WSDL Reference: credential.wsdl and event.wsdl
Test Purpose: To verify resetting of antipassback violations and generating of appropriatenotifications.
Pre-Requisite: Credential Service is received from the DUT. Event Service is receivedfrom the DUT. Reset Antipassback Violations is supported by the DUT as indicated by theCapabilities.ResetAntipassbackSupported capability. The DUT shall have enough free storagecapacity for one additional Credential.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
4. If cap.ResetAntipassbackSupported is equal to false, FAIL the test and skip other steps.
5. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList) byfollowing the procedure mentioned in Annex A.3.
6. ONVIF Client checks free storage for additional Credential (in credentialCompleteList1, outcredentialToRestore, stateToRestore) by following the procedure mentioned in Annex A.7.
7. ONVIF Client creates credential (out credentialToken) with Antipassback Violation Stateequal to true (in true) by following the procedure mentioned in Annex A.11.
8. ONVIF client retrieves credential state (in credentialToken, out credentialState) by followingthe procedure mentioned in Annex A.13.
9. If credentialState does not contain AntipassbackState elemet, FAIL the test and go to step20.
10. If credentialState.AntipassbackState.AntipassbackViolated equal to false, FAIL the test andgo to step 20.
11. ONVIF Client invokes CreatePullPointSubscription with parameters
146 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• Filter.TopicExpression := "tns1:Credential/State/ApbViolation"
12.The DUT responds with a CreatePullPointSubscriptionResponse message withparameters
• SubscriptionReference =: s
• CurrentTime =: ct
• TerminationTime =: tt
13.ONVIF client invokes ResetAntipassbackViolation with parameter
• Token := credentialToken
14.The DUT responds with empty ResetAntipassbackViolationResponse message.
15.Until oprationDelay timeout expires, repeat the following steps:
15.1. ONVIF Client waits for time t := min{(tt-ct)/2, 1 second}.
15.2. ONVIF Client invokes PullMessages to the subscription endpoint s with parameters
• Timeout := PT60S
• MessageLimit := 1
15.3. The DUT responds with PullMessagesResponse message with parameters
• CurrentTime =: ct
• TerminationTime =: tt
• NotificationMessage =: m
15.4. If m is not null:
15.4.1. If the TopicExpression item in m is not equal to "tns1:Credential/State/ApbViolation", FAIL the test and go to the step 20.
15.4.2. If m does not contain Source.SimpleItem item with Name = "CredentialToken"and Value = credentialToken, FAIL the test and go to the step 20.
15.4.2.1. If m does not contain Data.SimpleItem item with Name ="ApbViolated" and Value = false, FAIL the test and go to the step 20.
15.4.3. If m does not contain Data.SimpleItem item with Name = "ClientUpdated", FAILthe test and go to the step 20.
www.onvif.org 147
ONVIF Credential Device Test Specification Version 18.12
15.4.4. If m.Message.Message.Data.SimpleItem.ClientUpdated has value typedifferent from xs:boolean type, FAIL the test and go to the step 20.
15.4.5. Go to step 17.
16. If oprationDelay timeout expires for step 15 without Notification with Source.SimpleItem itemwith Name = "CredentialToken" and Value = credentialToken and Data.SimpleItem item withName = "ApbViolated" and Value = false, FAIL the test and go to the step 20.
17.ONVIF client retrieves credential state (in credentialToken, out credentialState) by followingthe procedure mentioned in Annex A.13.
18. If credentialState does not contain AntipassbackState elemet, FAIL the test and go to step20.
19. If credentialState.AntipassbackState.AntipassbackViolated equal to true, FAIL the test andgo to step 20.
20.ONVIF Client deletes the Credential (in credentialToken) by following the procedurementioned in Annex A.6 to restore DUT configuration.
21. If there was credential deleted at step 4, restore it (in credentialToRestore, stateToReastore)by following the procedure mentioned in Annex A.10 to restore DUT configuration.
22.ONVIF Client sends an Unsubscribe to the subscription endpoint s.
23.The DUT responds with UnsubscribeResponse message.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send ResetAntipassbackViolationResponse message.
• The DUT did not send CreatePullPointSubscriptionResponse message.
• The DUT did not send PullMessagesResponse message.
• The DUT did not send UnsubscribeResponse message.
Note: oprationDelay will be taken from Operation Delay field of ONVIF Device Test Tool.
148 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
4.7.2 RESET ANTIPASSBACK VIOLATIONS WITH INVALIDTOKEN
Test Case ID: CREDENTIAL-7-1-2
Specification Coverage: ResetAntipassbackViolation command (ONVIF Credential ServiceSpecification).
Feature Under Test: ResetAntipassbackViolation command (ONVIF Credential ServiceSpecification)
WSDL Reference: credential.wsdl
Test Purpose: To verify Reset Antipassback Violations with invalid token.
Pre-Requisite: Credential Service is received from the DUT. Reset Antipassback Violations issupported by the DUT as indicated by the Capabilities.ResetAntipassbackSupported capability.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client retrieves a complete credential information list (outcredentialInfoCompleteList) by following the procedure mentioned in Annex A.1.
4. Set the following:
5. invalidToken := value not equal to any credentialInfoCompleteList.token
6. ONVIF client invokes ResetAntipassbackViolation with parameters
• Token := invalidToken
7. The DUT returns env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send env:Sender\ter:InvalidArgVal\ter:NotFound SOAP 1.2 fault
www.onvif.org 149
ONVIF Credential Device Test Specification Version 18.12
Note: If the DUT sends other SOAP 1.2 fault message than specified, log WARNING message,and PASS the test.
4.8 Credential Events
4.8.1 CONFIGURATION CREDENTIAL CHANGED EVENT
Test Case ID: CREDENTIAL-8-1-2
Specification Coverage: Notification topics (ONVIF Credential Service Specification), Get eventproperties (ONVIF Core specification).
Feature Under Test: GetEventProperties
WSDL Reference: credential.wsdl and event.wsdl
Test Purpose: To verify tns1:Configuration/Credential/Changed event format.
Pre-Requisite: Credential Service is supported by the DUT. Event Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client invokes GetEventProperties.
4. The DUT responds with a GetEventPropertiesResponse message with parameters
• TopicNamespaceLocation list
• FixedTopicSet
• TopicSet =: topicSet
• TopicExpressionDialect list
• MessageContentFilterDialect list
• MessageContentSchemaLocation list
5. If topicSet does not contain tns1:Configuration/Credential/Changed topic, FAIL the test andskip other steps.
150 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
6. ONVIF Client verifies tns1:Configuration/Credential/Changed topic (changedTopic) fromtopicSet:
6.1. If changedTopic.MessageDescription.IsProperty equals to true, FAIL the test and skipother steps.
6.2. If changedTopic does not contain MessageDescription.Source.SimpleItemDescriptionitem with Name = "CredentialToken", FAIL the test and skip other steps.
6.3. If changedTopic.MessageDescription.Source.SimpleItemDescription with Name ="CredentialToken" does not have Type = "pt:ReferenceToken", FAIL the test and skipother steps.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send GetEventPropertiesResponse message.
4.8.2 CONFIGURATION CREDENTIAL REMOVED EVENT
Test Case ID: CREDENTIAL-8-1-3
Specification Coverage: Notification topics (ONVIF Credential Service Specification), Get eventproperties (ONVIF Core specification).
Feature Under Test: GetEventProperties
WSDL Reference: credential.wsdl and event.wsdl
Test Purpose: To verify tns1:Configuration/Credential/Removed event format.
Pre-Requisite: Credential Service is supported by the DUT. Event Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client invokes GetEventProperties.
www.onvif.org 151
ONVIF Credential Device Test Specification Version 18.12
4. The DUT responds with a GetEventPropertiesResponse message with parameters
• TopicNamespaceLocation list
• FixedTopicSet
• TopicSet =: topicSet
• TopicExpressionDialect list
• MessageContentFilterDialect list
• MessageContentSchemaLocation list
5. If topicSet does not contain tns1:Configuration/Credential/Removed topic, FAIL the test andskip other steps.
6. ONVIF Client verifies tns1:Configuration/Credential/Removed topic (removedTopic) fromtopicSet:
6.1. If removedTopic.MessageDescription.IsProperty equals to true, FAIL the test and skipother steps.
6.2. If removedTopic does not contain MessageDescription.Source.SimpleItemDescriptionitem with Name = "CredentialToken", FAIL the test and skip other steps.
6.3. If removedTopic.MessageDescription.Source.SimpleItemDescription with Name ="CredentialToken" does not have Type = "pt:ReferenceToken", FAIL the test and skipother steps.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send GetEventPropertiesResponse message.
4.8.3 CREDENTIAL STATE ENABLED EVENT
Test Case ID: CREDENTIAL-8-1-4
Specification Coverage: Notification topics (ONVIF Credential Service Specification), Get eventproperties (ONVIF Core specification).
152 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Feature Under Test: GetEventProperties
WSDL Reference: credential.wsdl and event.wsdl
Test Purpose: To verify tns1:Credential/State/Enabled event format.
Pre-Requisite: Credential Service is supported by the DUT. Event Service is received from the DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client invokes GetEventProperties.
4. The DUT responds with a GetEventPropertiesResponse message with parameters
• TopicNamespaceLocation list
• FixedTopicSet
• TopicSet =: topicSet
• TopicExpressionDialect list
• MessageContentFilterDialect list
• MessageContentSchemaLocation list
5. If topicSet does not contain tns1:Credential/State/Enabled topic, FAIL the test and skip othersteps.
6. ONVIF Client verifies tns1:Credential/State/Enabled topic (StateEnabledTopic) fromtopicSet:
6.1. If StateEnabledTopic.MessageDescription.IsProperty equals true, FAIL the test andskip other steps.
6.2. If StateEnabledTopic does not containMessageDescription.Source.SimpleItemDescription item with Name ="CredentialToken", FAIL the test and skip other steps.
6.3. If StateEnabledTopic.MessageDescription.Source.SimpleItemDescription with Name= "CredentialToken" does not have Type = "pt:ReferenceToken", FAIL the test and skipother steps.
www.onvif.org 153
ONVIF Credential Device Test Specification Version 18.12
6.4. If StateEnabledTopic does not containMessageDescription.Data.SimpleItemDescription item with Name = "State", FAIL thetest and skip other steps.
6.5. If StateEnabledTopic.MessageDescription.Data.SimpleItemDescription with Name ="State" does not have Type = "xs:boolean", FAIL the test and skip other steps.
6.6. If StateEnabledTopic does not containMessageDescription.Data.SimpleItemDescription item with Name = "Reason", FAILthe test and skip other steps.
6.7. If StateEnabledTopic.MessageDescription.Data.SimpleItemDescription with Name ="Reason" does not have Type = "xs:string", FAIL the test and skip other steps.
6.8. If StateEnabledTopic does not contain Data.SimpleItemDescription with Name ="ClientUpdated", FAIL the test and skip other steps.
6.9. If StateEnabledTopic.Message.Message.Data.SimpleItemDescription with Name ="ClientUpdated" does not have Type = "xs:boolean", FAIL the test and skip other steps.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send GetEventPropertiesResponse message.
4.8.4 CREDENTIAL STATE ANTIPASSBACK VIOLATIONEVENT
Test Case ID: CREDENTIAL-8-1-5
Specification Coverage: Notification topics (ONVIF Credential Service Specification), Get eventproperties (ONVIF Core specification).
Feature Under Test: GetEventProperties
WSDL Reference: credential.wsdl and event.wsdl
Test Purpose: To verify tns1:Credential/State/ApbViolation event format.
Pre-Requisite: Credential Service is supported by the DUT. Event Service is received from theDUT. ResetAntipassbackViolation capability is supported by the DUT.
154 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
3. ONVIF Client invokes GetEventProperties.
4. The DUT responds with a GetEventPropertiesResponse message with parameters
• TopicNamespaceLocation list
• FixedTopicSet
• TopicSet =: topicSet
• TopicExpressionDialect list
• MessageContentFilterDialect list
• MessageContentSchemaLocation list
5. If topicSet does not contain tns1:Credential/State/ApbViolation topic, FAIL the test and skipother steps.
6. ONVIF Client verifies tns1:Credential/State/ApbViolation topic (ApbViolationTopic) fromtopicSet:
6.1. If ApbViolationTopic.MessageDescription.IsProperty equal to true, FAIL the test andskip other steps.
6.2. If ApbViolationTopic does not containMessageDescription.Source.SimpleItemDescription item with Name ="CredentialToken", FAIL the test and skip other steps.
6.3. If ApbViolationTopic.MessageDescription.Source.SimpleItemDescription with Name ="CredentialToken" does not have Type = "pt:ReferenceToken", FAIL the test and skipother steps.
6.4. If ApbViolationTopic does not containMessageDescription.Data.SimpleItemDescription item with Name = "ApbViolation",FAIL the test and skip other steps.
6.5. If ApbViolationTopic.MessageDescription.Data.SimpleItemDescription with Name ="ApbViolation" does not have Type = "xs:boolean", FAIL the test and skip other steps.
www.onvif.org 155
ONVIF Credential Device Test Specification Version 18.12
6.6. If ApbViolationTopic does not contain Data.SimpleItemDescription with Name ="ClientUpdated", FAIL the test and skip other steps.
6.7. If ApbViolationTopic.Message.Message.Data.SimpleItemDescription with Name ="ClientUpdated" does not have Type = "xs:boolean", FAIL the test and skip other steps.
Test Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send GetEventPropertiesResponse message.
4.9 Consistency
4.9.1 GET CREDENTIAL AND GET ACCESS PROFILE INFOLIST CONSISTENCY
Test Case ID: CREDENTIAL-9-1-1
Specification Coverage: Credential (ONVIF Credential Service Specification), AccessProfileInfo(ONVIF Access Rules Service Specification)
Feature Under Test: GetCredentials, GetAccessProfileInfo
WSDL Reference: credential.wsdl and accessrules.wsdl
Test Purpose: To verify that all Access Profile Tokens from GetCredentialResponses could be listedthrough GetAccessProfileInfoList command.
Pre-Requisite: Credential Service is received from the DUT. Access Rules Service is received fromthe DUT.
Test Configuration: ONVIF Client and DUT
Test Procedure:
1. Start an ONVIF Client.
2. Start the DUT.
156 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
3. ONVIF Client retrieves a complete list of credentials (out credentialCompleteList) byfollowing the procedure mentioned in Annex A.3.
4. ONVIF Client retrieves a complete list of access profile info (outaccessProfileInfoCompleteList) by following the procedure mentioned in Annex A.12.
5. For each Credential.CredentialAccessProfile.AccessProfileToken(credentialAccessProfileToken) from credentialCompleteList repeat the following steps:
5.1. If credentialAccessProfileToken is not listed in accessProfileInfoCompleteList, FAILthe test and skip other steps.
Test Result:
PASS –
• DUT passes all assertions.
www.onvif.org 157
ONVIF Credential Device Test Specification Version 18.12
Annex A Helper Procedures and Additional Notes
A.1 Get credentials information list
Name: HelperGetCredentialInfoList
Procedure Purpose: Helper procedure to get complete credentials information list.
Pre-requisite: Credential Service is received from the DUT.
Input: None.
Returns: The complete list of credentials information (credentialInfoCompleteList).
Procedure:
1. ONVIF client invokes GetCredentialInfoList with parameters
• Limit skipped
• StartReference skipped
2. The DUT responds with GetCredentialInfoListResponse message with parameters
• NextStartReference =: nextStartReference
• CredentialInfo list =: credentialInfoCompleteList
3. Until nextStartReference is not null, repeat the following steps:
3.1. ONVIF client invokes GetCredentialInfoList with parameters
• Limit skipped
• StartReference := nextStartReference
3.2. The DUT responds with GetCredentialInfoListResponse message with parameters
• NextStartReference =: nextStartReference
• CredentialInfo list =: credentialInfoListPart
3.3. Set the following:
• credentialInfoCompleteList := credentialInfoCompleteList + credentialInfoListPart
Procedure Result:
www.onvif.org 158
ONVIF Credential Device Test Specification Version 18.12
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetCredentialInfoListResponse message
A.2 Get service capabilities
Name: HelperGetServiceCapabilities
Procedure Purpose: Helper procedure to get service capabilities.
Pre-requisite: Credential Service is received from the DUT.
Input: None
Returns: The service capabilities (cap).
Procedure:
1. ONVIF Client invokes GetServiceCapabilities.
2. The DUT responds with a GetServiceCapabilitiesResponse message with parameters
• Capabilities =: cap
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetServiceCapabilitiesResponse message
A.3 Get credentials list
Name: HelperGetCredentialList
Procedure Purpose: Helper procedure to get complete credentials list with.
Pre-requisite: Credential Service is received from the DUT.
Input: None.
Returns: The complete list of credentials (credentialCompleteList).
www.onvif.org 159
ONVIF Credential Device Test Specification Version 18.12
Procedure:
1. ONVIF client invokes GetCredentialList with parameters
• Limit skipped
• StartReference skipped
2. The DUT responds with GetCredentialListResponse message with parameters
• NextStartReference =: nextStartReference
• Credential list =: credentialCompleteList
3. Until nextStartReference is not null, repeat the following steps:
3.1. ONVIF client invokes GetCredentialList with parameters
• Limit skipped
• StartReference := nextStartReference
3.2. The DUT responds with GetCredentialListResponse message with parameters
• NextStartReference =: nextStartReference
• Credential list =: credentialListPart
3.3. Set the following:
• credentialCompleteList := credentialCompleteList + credentialListPart
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetCredentialListResponse message
A.4 Change credential state
Name: HelperChangeCredentialState
Procedure Purpose: Helper procedure to change credential state.
Pre-requisite: Credential Service is received from the DUT.
160 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Input: Credential token (credentialToken), credential state (credentialState).
Returns: None.
Procedure:
1. If credentialState.Enabled equal to true, do the following steps:
1.1. ONVIF client invokes DisableCredential with parameters
• Token := credentialToken
• Reason := "Test Reason"
1.2. The DUT responds with empty DisableCredentialResponse message.
2. If credentialState.Enabled is equal to false, perform the following steps:
2.1. ONVIF client invokes EnableCredential with parameters
• Token := credentialToken
• Reason := "Test Reason"
2.2. The DUT responds with empty EnableCredentialResponse message.
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send EnableCredentialResponse message.
• The DUT did not send DisableCredentialResponse message.
A.5 Get access profiles list
Name: HelperGetAccessProfilesList
Procedure Purpose: Helper procedure to get complete access profiles list with.
Pre-requisite: Access Rules Service is received from the DUT.
Input: None.
Returns: The complete list of access profiles (accessProfileCompleteList).
www.onvif.org 161
ONVIF Credential Device Test Specification Version 18.12
Procedure:
1. ONVIF client invokes GetAccessProfileList with parameters
• Limit skipped
• StartReference skipped
2. The DUT responds with GetAccessProfileListResponse message with parameters
• NextStartReference =: nextStartReference
• AccessProfile list =: accessProfileCompleteList
3. Until nextStartReference is not null, repeat the following steps:
3.1. ONVIF client invokes GetAccessProfileList with parameters
• Limit skipped
• StartReference := nextStartReference
3.2. The DUT responds with GetAccessProfileListResponse message with parameters
• NextStartReference =: nextStartReference
• AccessProfile list =: accessProfileListPart
3.3. Set the following:
• accessProfileCompleteList := accessProfileCompleteList + accessProfileListPart
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetAccessProfileListResponse message.
A.6 Delete credential
Name: HelperDeleteCredential
Procedure Purpose: Helper procedure to delete credential.
Pre-requisite: Credential Service is received from the DUT.
162 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Input: Credential Token (credentialToken).
Returns: None.
Procedure:
1. ONVIF Client invokes DeleteCredential request with parameters
• Token =: credentialToken
2. The DUT responds with DeleteCredentialResponse message.
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send DeleteCredentialResponse message
A.7 Free storage for additional credential
Name: HelperCheckFreeStorageForCredential
Procedure Purpose: Helper procedure to provide possibility to add a credential.
Pre-requisite: Credential Service is received from the DUT.
Input: The complete list of credentials (credentialCompleteList).
Returns: Removed credential (credentialToRestore) and its state (stateToRestore) if any.
Procedure:
1. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
2. ONVIF client compares cap.MaxCredentials with number of items at credentialCompleteList.
3. If number of items of credentialCompleteList less than cap.MaxCredential, skip other steps.
4. If number of items at credentialCompleteList equal to cap.MaxCredentials, execute thefollowing steps:
4.1. ONVIF client invokes GetCredentials with parameters
• Token list := credentialCompleteList[0].token
www.onvif.org 163
ONVIF Credential Device Test Specification Version 18.12
4.2. The DUT responds with GetCredentialsResponse message with parameters
• Credential list =: credentialToRestore
4.3. ONVIF client invokes GetCredentialState with parameters
• Token[0] := credentialCompleteList[0].token
4.4. The DUT responds with GetCredentialStateResponse message with parameters
• State =: stateToRestore
4.5. ONVIF Client deletes the Credential (in credentialCompleteList[0].token) by followingthe procedure mentioned in Annex A.6.
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• The number of items at accessProfileCompleteList more than cap.MaxAccessProfiles.
• The DUT did not send GetCredentialsResponse message.
• The DUT did not send GetCredentialStateResponse message.
A.8 Get credential
Name: HelperGetCredential
Procedure Purpose: Helper procedure to get credential.
Pre-requisite: Credential Service is received from the DUT.
Input: Credential Token (credentialToken).
Returns: Credential List (credentialList).
Procedure:
1. ONVIF Client invokes GetCredentials with parameters
• Token[0] := credentialToken
2. The DUT responds with GetCredentialsResponse message with parameters:
164 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• Credential list =: credentialList
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetCredentialsResponse message.
A.9 Get credential info
Name: HelperGetCredentialInfo
Procedure Purpose: Helper procedure to get credential info.
Pre-requisite: Credential Service is received from the DUT.
Input: Credential Token (credentialToken).
Returns: Credential Info List (credentialInfoList).
Procedure:
1. ONVIF Client invokes GetCredentialInfo with parameters
• Token[0] := credentialToken
2. The DUT sends the GetCredentialInfoResponse message with parameters
• CredentialInfo =: credentialInfoList
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetCredentialInfoResponse message
A.10 Restore credential
Name: HelperRestoreCredential
www.onvif.org 165
ONVIF Credential Device Test Specification Version 18.12
Procedure Purpose: Helper procedure to restore credential.
Pre-requisite: Credential Service is received from the DUT.
Input: Credential (credentialToRestore) and its state (stateToRestore).
Returns: None.
Procedure:
1. Set:
• credentialToRestore.token := "";
2. ONVIF client invokes CreateCredential with parameters
• Credential := credentialToRestore
• State := stateToRestore
3. The DUT responds with CreateCredentialResponse message with parameters
• Token =: credentialToken
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send CreateCredentialResponse message
A.11 Create credential
Name: HelperCreateCredential
Procedure Purpose: Helper procedure to create credential.
Pre-requisite: Credential Service is received from the DUT.
Input: Credential Service capabilities (cap) (optional input parameter, could be skipped),Antipassback Violation State (AntipassbackViolated).
Returns: Credential Token (credentialToken), Credential identifier Type Name (typeName),Credential identifier Format Type (formatType), Credential identifier value (value).
166 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Procedure:
1. If cap is skipped, ONVIF Client gets the service capabilities (out cap) by following theprocedure mentioned in Annex A.2.
2. ONVIF Client retrieves (in cap.SupportedIdentifierType) a supported Credential identifiertype name (out typeName) with Credential identifier Format Type (out formatType) and withcredential identifier value (out value) by following the procedure mentioned in Annex A.15.
3. ONVIF client invokes CreateCredential with parameters
• Credential.token := ""
• Credential.Description := "Test Description"
• Credential.CredentialHolderReference := "TestUser"
• Credential.ValidFrom skipped
• Credential.ValidTo skipped
• Credential.CredentialIdentifier[0].Type.Name := typeName
• Credential.CredentialIdentifier[0].Type.FormatType := formatType
• Credential.CredentialIdentifier[0].ExemptedFromAuthentication := false
• Credential.CredentialIdentifier[0].Value := value
• Credential.CredentialAccessProfile skipped
• Credential.Extension skipped
• State.Enabled := true
• State.Reason := "Test Reason"
• State.AntipassbackState.AntipassbackViolated := AntipassbackViolated ifcap.ResetAntipassbackSupported value is equal to true, otherwiseState.AntipassbackState is skipped
4. The DUT responds with CreateCredentialResponse message with parameters
• Token =: credentialToken
Procedure Result:
PASS –
www.onvif.org 167
ONVIF Credential Device Test Specification Version 18.12
• DUT passes all assertions.
FAIL –
• The DUT did not send CreateCredentialResponse message
A.12 Get access profiles information list
Name: HelperGetAccessProfileInfoList
Procedure Purpose: Helper procedure to get complete access profiles information list.
Pre-requisite: Access Rules Service is received from the DUT.
Input: None.
Returns: The complete list of access profiles information (accessProfileInfoCompleteList).
Procedure:
1. ONVIF client invokes GetAccessProfileInfoList with parameters
• Limit skipped
• StartReference skipped
2. The DUT responds with GetAccessProfileInfoListResponse message with parameters
• NextStartReference =: nextStartReference
• AccessProfileInfo list =: accessProfileInfoCompleteList
3. Until nextStartReference is not null, repeat the following steps:
3.1. ONVIF client invokes GetAccessProfileInfoList with parameters
• Limit skipped
• StartReference := nextStartReference
3.2. The DUT responds with GetAccessProfileInfoListResponse message withparameters
• NextStartReference =: nextStartReference
• AccessProfileInfo list =: accessProfileInfoListPart
3.3. Set the following:
168 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• accessProfileInfoCompleteList := accessProfileInfoCompleteList +accessProfileInfoListPart
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetAccessProfileInfoListResponse message
A.13 Get credential state
Name: HelperGetCredentialState
Procedure Purpose: Helper procedure to get credential state.
Pre-requisite: Credential Service is received from the DUT.
Input: Credential Token (credentialToken).
Returns: Credential State (credentialState).
Procedure:
1. ONVIF Client invokes GetCredentialState with parameters
• Token[0] := credentialToken
2. The DUT responds with GetCredentialStateResponse message with parameters
• State =: credentialState
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetCredentialStateResponse message
A.14 Supported credential identifier format types
The list of supported credential identifier format types is the following:
www.onvif.org 169
ONVIF Credential Device Test Specification Version 18.12
• WIEGAND26
• WIEGAND37
• WIEGAND37_FACILITY
• FACILITY16_CARD32
• FACILITY32_CARD32
• FASC_N
• FASC_N_BCD
• FASC_N_LARGE
• FASC_N_LARGE_BCD
• GSA75
• GUID
• CHUID
• USER_PASSWORD
• SIMPLE_NUMBER16
• SIMPLE_NUMBER32
• SIMPLE_NUMBER56
• SIMPLE_ALPHA_NUMERIC
• ABA_TRACK2
A.15 Get Credential Identifier type and value
Name: HelperGetCredentialIdentifierTypeAndValue
Procedure Purpose: Helper procedure to get one Credential identifier Type Name with onecorresponding FormatType and corresponding Value.
Pre-requisite: Credential Service is received from the DUT.
Input: List of supported Identifies types (identifierTypeList).
170 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Returns: Credential identifier Type Name (typeName) with corresponding Credential identifierFormat Type (formatType) and Credential identifier value (value).
Procedure:
1. For each IdentifierType (typeName) contained in identifierTypeList repeat the followingsteps:
1.1. ONVIF client invokes GetSupportedFormatTypes with parameters
• CredentialIdentifierTypeName := typeName
1.2. The DUT responds with GetSupportedFormatTypesResponse message withparameters
• FormatTypeInfo list =: formatTypeInfoList
1.3. If formatTypeInfoList is empty, FAIL the test and skip other steps.
1.4. For each FormatType (formatType) from formatTypeInfoList repeat the following steps:
1.4.1. If formatType is listed in Annex A.14 go to step 2.
2. ONVIF Client generate appropriate value (value) for formatType and skip other steps.
3. ONVIF Client gets values from the Management tab for typeName, formatType and value.
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetSupportedFormatTypesResponse message
Note: If values for typeName, formatType or value were empty on the Management tab at step 3,FAIL the test.
A.16 Get Credential Identifier type name list with at least twoFormat Type
Name: HelperGetCredentialIdentifierName
Procedure Purpose: Helper procedure to get list of Credential identifier Type Name items whichsupport at least two Format Types.
www.onvif.org 171
ONVIF Credential Device Test Specification Version 18.12
Pre-requisite: Credential Service is received from the DUT.
Input: None.
Returns: CredentialIdentifierTypeNameList
Procedure:
1. ONVIF Client gets the service capabilities (out cap) by following the procedure mentionedin Annex A.2.
2. For each SupportedIdentifierType (typeName) contained in cap.SupportedIdentifierTyperepeat the following steps:
2.1. ONVIF client invokes GetSupportedFormatTypes with parameters
• CredentialIdentifierTypeName := typeName
2.2. The DUT responds with GetSupportedFormatTypesResponse message withparameters
• FormatTypeInfo list =: formatTypeInfoList
2.3. If formatTypeInfoList is empty, FAIL the test and skip other steps.
2.4. If formatTypeInfoList contains at least two FormatType items do the following:
2.4.1. CredentialIdentifierTypeNameList := CredentialIdentifierTypeNameList +typeName
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetSupportedFormatTypesResponse message
A.17 Get Credential Identifier type and value for Type Namewith at least two Format Type
Name: HelperGetCredentialIdentifierTypeAndValue2
Procedure Purpose: Helper procedure to get one Credential identifier Type Name with twocorresponding FormatType and corresponding Values.
172 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Pre-requisite: Credential Service is received from the DUT.
Input: CredentialIdentifierTypeNameList.
Returns: Credential identifier Type Name (typeName) with corresponding Credential identifierFormat Type (formatType1) and Credential identifier value (value1), and with correspondingCredential identifier Format Type (formatType2) and Credential identifier value (value2).
Procedure:
1. For each IdentifierTypeName (typeName) contained in CredentialIdentifierTypeNameListrepeat the following steps:
1.1. ONVIF client invokes GetSupportedFormatTypes with parameters
• CredentialIdentifierTypeName := typeName
1.2. The DUT responds with GetSupportedFormatTypesResponse message withparameters
• FormatTypeInfo list =: formatTypeInfoList
1.3. If formatTypeInfoList is empty, FAIL the test and skip other steps.
1.4. If at least two FormatTypes (formatType1, formatType2) from formatTypeInfoList arelisted in Annex A.14 go to step 2.
2. ONVIF Client generates an appropriate value (value1) for formatType1 and appropriatevalue (value2) for formatType2 and skip other steps.
3. ONVIF Client gets typeName with at least two Format Type items from the Management tab.
4. ONVIF Client gets appropriate values (formatType1, value1) and (formatType2, value2) fromthe Management tab for typeName.
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send GetSupportedFormatTypesResponse message
Note: If there was no typeName with at least two Format Type items and corresponding values forFormatType on the Management tab, FAIL the test.
www.onvif.org 173
ONVIF Credential Device Test Specification Version 18.12
A.18 Create credential with two Credential identifier items
Name: HelperCreateCredential2
Procedure Purpose: Helper procedure to create credential with two Credential identifier items.
Pre-requisite: Credential Service is received from the DUT.
Input: Credential Service capabilities (cap) (optional input parameter, could be skipped),Antipassback Violation State (AntipassbackViolated).
Returns: Credential Token (credentialToken), the first Credential identifier Type Name (typeName1)with corresponding Credential identifier Format Type (formatType1) and corresponding Credentialidentifier value (value1), the second Credential identifier Type Name (typeName2) withcorresponding Credential identifier Format Type (formatType2) and corresponding Credentialidentifier value (value2).
Procedure:
1. If cap is skipped, ONVIF Client gets the service capabilities (out cap) by following theprocedure mentioned in Annex A.2.
2. ONVIF Client retrieves (in cap.SupportedIdentifierType) a supported Credential identifiertype name (out typeName1) with Credential identifier Format Type (out formatType1) andwith credential identifier value (out value1) by following the procedure mentioned in AnnexA.15.
3. Set the following:
• identifierTypeList := cap.SupportedIdentifierType - typeName1
4. ONVIF Client retrieves (in identifierTypeList) other supported Credential identifier typename (out typeName2) with Credential identifier Format Type (out formatType2) and withcredential identifier value (out value2) by following the procedure mentioned in Annex A.15.
5. ONVIF client invokes CreateCredential with parameters
• Credential.token := ""
• Credential.Description := "Test Description"
• Credential.CredentialHolderReference := "TestUser"
• Credential.ValidFrom skipped
• Credential.ValidTo skipped
174 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• Credential.CredentialIdentifier[0].Type.Name := typeName1
• Credential.CredentialIdentifier[0].Type.FormatType := formatType1
• Credential.CredentialIdentifier[0].ExemptedFromAuthentication := false
• Credential.CredentialIdentifier[0].Value := value1
• Credential.CredentialIdentifier[1].Type.Name := typeName2
• Credential.CredentialIdentifier[1].Type.FormatType := formatType2
• Credential.CredentialIdentifier[1].ExemptedFromAuthentication := false
• Credential.CredentialIdentifier[1].Value := value2
• Credential.CredentialAccessProfile skipped
• Credential.Extension skipped
• State.Enabled := true
• State.Reason := "Test Reason"
• State.AntipassbackState.AntipassbackViolated := AntipassbackViolated ifcap.ResetAntipassbackSupported value is equal to true, otherwise otherwiseState.AntipassbackState is skipped
6. The DUT responds with CreateCredentialResponse message with parameters
• Token =: credentialToken
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send CreateCredentialResponse message
A.19 Create access profile
Name: HelperCreateAccessProfile
Procedure Purpose: Helper procedure to Create access profile.
www.onvif.org 175
ONVIF Credential Device Test Specification Version 18.12
Pre-requisite: Access Rules Service is received from the DUT.
Input: None.
Returns: Access Profile Token (accessProfileToken).
Procedure:
1. ONVIF Client invokes CreateAccessProfile with parameters
• AccessProfile.token := ""
• AccessProfile.Name := "Test Access Profile"
• AccessProfile.Description := "Test Description"
• AccessProfile.AccessPolicy skipped
• AccessProfile.Extension skipped
2. The DUT responds with CreateAccessProfileResponse message with parameters
• Token =: accessProfileToken
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send CreateAccessProfileResponse message
A.20 Delete access profile
Name: HelperDeleteAccessProfile
Procedure Purpose: Helper procedure to delete access profile.
Pre-requisite: Access Rules Service is received from the DUT.
Input: Access Profile Token (accessProfileToken).
Returns: None.
Procedure:
1. ONVIF Client invokes DeleteAccessProfile with parameters
176 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
• Token =: accessProfileToken
2. The DUT sends the DeleteAccessProfileResponse message.
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• The DUT did not send DeleteAccessProfileResponse message
A.21 Create Pull Point Subscription
Name: HelperCreatePullPointSubscription
Procedure Purpose: Helper procedure to create PullPoint Subscription with specified Topic.
Pre-requisite: Event Service is received from the DUT.
Input: Notification Topic (topic).
Returns: Subscription reference (s), current time for the DUT (ct), subscription termination time (tt).
Procedure:
1. ONVIF Client invokes CreatePullPointSubscription request with parameters
• Filter.TopicExpression := topic
• Filter.TopicExpression.@Dialect := "http://www.onvif.org/ver10/tev/topicExpression/ConcreteSet"
2. The DUT responds with CreatePullPointSubscriptionResponse message withparameters
• SubscriptionReference =: s
• CurrentTime =: ct
• TerminationTime =: tt
Procedure Result:
PASS –
www.onvif.org 177
ONVIF Credential Device Test Specification Version 18.12
• DUT passes all assertions.
FAIL –
• DUT did not send CreatePullPointSubscriptionResponse message.
A.22 Delete Subscription
Name: HelperDeleteSubscription
Procedure Purpose: Helper procedure to delete supscribtion.
Pre-requisite: Event Service is received from the DUT.
Input: Subscription reference (s)
Returns: None
Procedure:
1. ONVIF Client sends an Unsubscribe to the subscription endpoint s.
2. The DUT responds with UnsubscribeResponse message.
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send UnsubscribeResponse message.
A.23 Retrieve Credential Changed Event by PullPoint
Name: HelperPullCredentialChanged
Procedure Purpose: Helper procedure to retrieve and check tns1:Configuration/Credential/Changed event with PullMessages.
Pre-requisite: Event Service is received from the DUT.
Input: Subscription reference (s), current time for the DUT (ct), Subscription termination time (tt)and Credential token (credentialToken).
Returns: None
178 www.onvif.org
ONVIF Credential Device Test Specification Version 18.12
Procedure:
1. Until operationDelay timeout expires, repeat the following steps:
1.1. ONVIF Client waits for time t := min{(tt-ct)/2, 1 second}.
1.2. ONVIF Client invokes PullMessages to the subscription endpoint s request withparameters
• Timeout := PT60S
• MessageLimit := 1
1.3. The DUT responds with PullMessagesResponse message with parameters
• CurrentTime =: ct
• TerminationTime =: tt
• NotificationMessage list =: notificationMessageList
1.4. If notificationMessageList is not empty and the CredentialToken source simple itemin notificationMessageList is equal to credentialToken, skip other steps and finish theprocedure.
1.5. If operationDelay timeout expires for step 1 without Notification with Token sourcesimple item equal to credentialToken, FAIL the test, restore the DUT state, and skipother steps.
Procedure Result:
PASS –
• DUT passes all assertions.
FAIL –
• DUT did not send PullMessagesResponse message.
Note: operationDelay will be taken from Operation Delay field of ONVIF Device Test Tool.
www.onvif.org 179